Memory Forensics

Posted by & filed under Forensics, Security.

Dumping out an image of the current memory set for further analysis seems to be a much better approach to finding hidden processes, open ports, etc. is a good article on it.

In a nutshell provides a suite of tools. Once the image gets dumped, you can analyze it with analyze.bat, which will generate an XML file that you can import into Excel for analysis.