March - 18 - 2008
Posted by Matthieu Suiche
Comments Off
In November 2007 at PacSec'07, Tokyo, Japan, Nicolas Ruff and I (Matthieu Suiche) presented how to create a readable physical memory dump from the undocumented Microsoft hibernation file. Last month, I published an open-source public version of this project called SandMan Framework. This framework allows manipulating the hibernation file for offensics (malicious) or forensics uses. [ Read More ]
March - 4 - 2008
Posted by Matthieu Suiche
Comments Off
These last weeks several proof of concept were published about physical memory access. The first one (21 February 2008) was from Princeton university who published a very buzzed proof of concept in video.. This one allows to read the physical memory in a limited time. The second one was SandMan which is hosted by myself. [ Read More ]
