Store Manager (Sm*) is pretty new under Windows 7/Windows 2008 R2 kernel, this is a new management system to deal with both virtual and physical stores. ReadyBoost (cache/files/logs, …) is one exemple. Even through ReadyBoost had been firstly introduced into Windows Vista and Windows 2008 (Refer to Mark Russinovich writeup about Windows Vista Kernel for [ Read More ]
One HBGary developper wrote a blogpost about windd entitled “Windd – Almost there, but not quite…“. HBGary says *they* but I would like to say to readers that windd is a project that I developped and maintain alone, on my spare time. More and more people are using windd so it looks I have to [ Read More ]
First, I would like to thanks people who attended to this Webcast and to BlackHat folks for inviting me and making this webcast great! If you missed it, slides are now available at the following link: New Frontiers In Forensics [PDF] People can access to Win[32|64]DD page here: http://windd.msuiche.net. And media materials should be available [ Read More ]
EDIT: 1.3.20091113 version contains a fix for incorrect size bug and raw memory dump. EDIT: 1.3.20091024 version contains a fix for networking feature under Vista and Later. Download windd 1.3 Win32dd and Win64dd are finally mature enough to be released which is a very good news. First, I would like to thanks Nicolas Ruff, Andreas [ Read More ]
I was reading an article about Windows 8 and 9 (which should support IA-128 architecture) when I highlighted: Researched new algorithms and programming methods to build Hibernate/Resume Integration API that can integrate and utilize the new TLZ file compression engine for the Hibernate/Resume component of new Windows 8 Operating System. Using C and C++ programming [ Read More ]
