Tool Release: msramdmp – Image RAM after a cold boot

 analysis, forensics, hardware  Add comments
Mar 022008
 

The Princeton guys that I mentioned in my last post have not released the tools that they used in their paper, yet. I wanted to play around with the way PC’s tend to retain memory, so I’ve written my own implementation of the RAM dumper they describe and show in their videos:

Now, you can try it out for yourself, and see how you can recover text, images, and other data (such as encryption keys!) from memory after the plug has been pulled for a short period of time.

 Posted by wesley at 11:36 pm

  3 Responses to “Tool Release: msramdmp – Image RAM after a cold boot”

  1. kitche says:
    March 3, 2008 at 6:22 pm

    To bad I do not have a USB bootable computer or else I would try it.

    Reply
  2. meckator says:
    March 4, 2008 at 9:17 am

    msramdmp – Cold Boot Attacke starten…

    Die Cold Boot Attacke geistert ja bereits seit einiger Zeit durch die Blogosphäre, doch nun wurde das erste passende Tool veröffentlicht. Leider nicht von den Leuten von der Princeton Universität sondern von Wiesel McGrew, der auch ein spannendes Bl…

  3. Josh Stinson says:
    September 9, 2008 at 5:18 pm

    Thank you very much for making this available. it has been very helpful.

    Reply

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

   
© 2012 McGrew Security Suffusion theme by Sayontan Sinha