Wednesday, October 16, 2013

Wisconsin Association of Computer Crime Investigators 2013 Conference

"Sup" (...been a long while)

PTFinderFE is obsolete do to the new innovations in Volatility.
(Updated 10/20/13)My New Volatility Batch File Maker does all that PTFinderFE did and MORE!!!
*****Known Issue with processing x64 memory and creating Memdump.bat, Procmemdump and Vaddump.bat files -Fix by 10-21-2013
The New Volatility Batch File Maker is a little kludgy but usable.
The Win8 (very beta V6) Enscript does find eprocess block artifacts but doesn't currently include the offset to the PDB or the Offset.( I know- the offset to the offset)

Other Tools
Graphviz 2.34 MSI
Volatility 2.2 Standalone .exe
Volatility Test Samples



at

1 comment:

  1. CognitechOctober 1, 2019 at 12:47 AM

    Cognitech develops Advanced Image Processing Software. Get the latest Image Processing Software from the most trusted company.

    ReplyDelete