- Windows Forensics Cookbook
- Oleg Skulkin, Scar de Courcier
- 2021-07-02 20:57:40
How to do it…
This time, we don't need to know whether we are dealing with a 32-bit or a 64-bit operating system. As we have already said, DumpIt is a fusion of Win32dd and Win64dd in one executable. So, there are just two steps:
- Plug the external drive into the target system
- Start DumpIt.exe and type y to start the acquisition process

As a result of the acquisition, you'll get two files: one with the DMP extension and one with the JSON extension. The first is the target system's memory dump, with the computer name, date and time (UTC) in the file name. The second holds the dump information, which is important from a forensic point of view: it includes the file size, system architecture type (32/64), KdCopyDataBlock, KdDebuggerData, kdpDataBlockEncoded, sha256 hash, and so on. That's it: the DMP file is ready to be analysed with the memory forensics software of your choice.
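Before analysis, it is worth confirming that the copy of the DMP file you are about to work on still matches the sha256 hash recorded in the JSON file. The script below is an added example, not code from the book or from DumpIt; it assumes the JSON file is UTF-8 and stores the hash as a hex string under a key whose name contains "sha256", and it searches for that key by name because the page does not give the file's layout.

```python
import hashlib
import json
import sys
from pathlib import Path


def find_sha256(node):
    """Depth-first search of the parsed JSON for a key containing 'sha256'.

    Assumption: the sidecar layout is not given on the page, so the key is
    located by name rather than by a fixed path.
    """
    if isinstance(node, dict):
        for key, value in node.items():
            if "sha256" in key.lower() and isinstance(value, str):
                return value.strip().lower()
            found = find_sha256(value)
            if found:
                return found
    elif isinstance(node, list):
        for item in node:
            found = find_sha256(item)
            if found:
                return found
    return None


def hash_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in 1 MiB chunks since dumps can be many GB."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_dump(dmp_path, json_path):
    """Return (matches, recorded, computed) for a DMP file and its JSON file."""
    info = json.loads(Path(json_path).read_text(encoding="utf-8-sig"))
    recorded = find_sha256(info)
    if recorded is None:
        raise ValueError("no sha256 value found in " + str(json_path))
    computed = hash_file(dmp_path)
    return recorded == computed, recorded, computed


if __name__ == "__main__":
    ok, recorded, computed = verify_dump(sys.argv[1], sys.argv[2])
    print("recorded:", recorded)
    print("computed:", computed)
    print("MATCH" if ok else "MISMATCH")
```

Run it with the DMP path as the first argument and the JSON path as the second, and record the result in your case notes alongside the hash.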