USB RAM dump


I'm curious whether or not it would be possible for a U3 or a USB program to do a RAM dump on a computer. Now, we all know the advantages to a RAM dump mean that you could basically go back and find not only the Windows username and password but also any passwords entered during the session; furthermore, as I understand it, it's almost impossible to remove these things from the RAM without shutting off the computer. So I suppose my question is, one, whether or not RAM dumping requires the user to be logged on as admin, and two, whether this would even be possible via USB drive (the size would have to be over 4 gigs, I suppose).

I think it's not necessary to have admin privileges to make a dd copy of RAM memory.

For your purpose, you can use Mantech Memory DD to make a forensic image of physical memory, storing it as a raw binary file image. Then, at home, you can use Volatility (perl framework) to analyze the image.

You can call the MDD (Mantech Memory DD) in an automated way from the USB with no problem (it doesn't need any library) and it will work for Windows 2000, Windows Server 2003, Windows XP, Windows Vista, and Windows Server 2008.

The resultant image can grow to 4GB...

  1 month later...

Has anyone here looked at Direct Memory Access on FireWire to do the same? I know it's possible and much faster than USB, but because FireWire is mostly used for video, not that many hacks have been published. It would be an amazing thing to have for any Mac admins who have too many PEBCAC users who fubar all their stuff up regularly, and there would be no need for PWs at all.

