Its one thing to have a piece of data but its another thing to be able to get the metadata about said data. ExifTool (http://www.sno.phy.queensu.ca/~phil/exiftool/) is a tool that will allow just that. Its command line based but there is a GUI version as well called pyExifTool (https://hvdwolf.github.io/pyExifToolGUI/). The tool
Month: July 2014
Windows Memory Capture using DumpIt
One of the simplest tools for capturing memory from a Windows system is DumpIt. The program is very portable and saves the capture to wherever the program is ran from. Most people will run it from a flash drive but depending on your company’s security policy that may not be
Memory Capture via Hibernation File
If you are having a hard time getting a memory capture using commercial tools, have no fear, Microsoft to the rescue! Starting with Win2K, each version of Windows has supported OS hibernation. When you put a system into hibernation, it creates a hiberfil.sys file on the root of the filesystem