About the author
Matthieu Suiche (pronounced “Swich”) matt[at]msuiche(.)net is a security enthusiast interested in reverse engineering, Windows internals and kernel development, mainly known for his work on Windows physical memory acquisition and analysis. He is also a Microsoft MVP Enterprise Security. Matthieu is a frequent speaker at top security conferences around the world.
Some utilities:
- Win[32/64] Utility is a free Windows utility, by Matthieu Suiche, intended as a Swiss Army knife for physical memory acquisition by investigators, incident response engineers, malware analysts, system administrators and kernel developers. (project page)
- SandMan Framework is a framework for manipulating hibernation files (project page)
Lectures
Challenge of Windows physical memory acquisition and exploitation – Shakacon, Honolulu (2009)
Windows hibernation file for fun and profit – Blackhat, Las Vegas – NV (2008)
Enter SandMan – PacSec, Tokyo – Japan (2007) – English
Enter SandMan – PacSec, Tokyo – Japan (2007) – Japanese
Publications
SandMan White Paper (February, 2008)
Windows Vista and unexported kernel symbols (Part II, 32bits version) (January 31, 2007)
Windows Vista and unexported kernel symbols (Part I, 64bits version) (January 1, 2007)