First, I wrote new EnScript "ConnScan", for Windows 7 x86/x64. After I used some network applications (at the same time, I saved the result of netstat command), I acquired the memory image by using Moonsols Win64dd. The result is as below:
There was a broad distinction between the output of EnScript and Memoryze. For instance, EnScript (info inside red frame) extracted 3 connections used by Dropbox, but Memoryze (info inside blue frame) passed over all of them. I think this example is only a small part of the problem.
I recommend you validate the result by using multiple tools when analyzing RAM image.
轉自 CCI
There was a broad distinction between the output of EnScript and Memoryze. For instance, EnScript (info inside red frame) extracted 3 connections used by Dropbox, but Memoryze (info inside blue frame) passed over all of them. I think this example is only a small part of the problem.
I recommend you validate the result by using multiple tools when analyzing RAM image.
轉自 CCI
發表文章
0 意見: