PTFinder Version 0.3.00

Version 0.3.00 of PTFinder has been released. This version adds some experimental support for XML output.

At DFRWS 2006 and later I was asked to add XML output to PTFinder. The main purpose of PTFinder still is the identification of _EPROCESS and _ETHREAD structures in Windows memory dump files, but the analysis of those data.I leave this to other programs. Therefore the generated XML only contains information which identifies processes and threads along with their location in the dump file.

The XML schema is supported by GMG Systems, Inc. KnTList. Thanks to George Garner for his help with the schema definition.

Please note that I dropped support for Windows 2000 in favor of Windows XP with Service Pack 2 for the development version. PTFinders for other OS versions are available from the PTFinder collection.

As usual I kindly ask you to direct all bug reports, comments and suggestions to bugs-ptfinder [at] forensikblog.de.

Archives

Imprint

This blog is a project of:
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
impressum@forensikblog.de

Copyright © 2005-2012 by
Andreas Schuster
All rights reserved.
Powered by Movable Type 5.12