
Usb ram dump


macsdd

I'm curious whether or not it would be possible for a U3 or a USB program to do a RAM dump on a computer. Now, we all know the advantages of a RAM dump mean that you could basically go back and find not only the Windows username and password but also any passwords entered during the session. Furthermore, as I understand it, it's almost impossible to remove these things from the RAM without shutting off the computer. So I suppose my question is, one, whether or not RAM dumping requires the user to be logged on as admin, and two, whether this would even be possible via USB drive (the size would have to be over 4 gigs, I suppose).


I think it's not necessary to have admin privileges to make a dd copy of RAM memory.

For your purpose, you can use Mantech Memory DD to make a forensic image of physical memory, storing it as a raw binary file image. Then, at home, you can use Volatility (Perl framework) to analyze the image.

You can call the MDD (Mantech Memory DD) in an automated way from the USB with no problem (it doesn't need any library) and it will work for Windows 2000, Windows Server 2003, Windows XP, Windows Vista, and Windows Server 2008.

The resultant image can grow to 4GB...


  • 1 month later...

Has anyone here looked at Direct Memory Access on FireWire to do the same? I know it's possible and much faster than USB, but because FireWire is mostly used for video, not that many hacks have been published. It would be an amazing thing to have for any Mac admins who have too many PEBCAC users who fubar all their stuff up regularly, and there would be no need for PWs at all.
