Windows Memory Forensics & Incident Response

Tools, Accessories & Solutions

WindowsSCOPE version 3.2 includes support through Windows 10 with advanced data search capabilities to find URLs, credit cards, names, etc. in captured memory. It is  the next generation in live memory forensics tools and memory forensics technologies — with customers in US, Canada, Europe, and Asia. It also provides the most sophisticated memory forensics analysis for security breaches. Now offering cloud rentals and node-locked version.

CaptureGUARD and Phantom Probe hardware accessories provide memory acquisition and magical access to locked computers (access live memory and encrypted disks without needing password).

Unlock Windows Computers with CaptureGUARD Gateway

Watch WindowsSCOPE in Action Detecting Stealth Rootkits

WindowsSCOPE Phantom Probe

A USB 3.0 dongle containing the WindowsSCOPE Phantom Probe that complements WindowsSCOPE Memory Forensics products. This dongle runs the WindowsSCOPE Phantom Probe Agent capable of capturing a WindowsSCOPE memory snapshot from any supported Windows computer. Captured snapshots can be imported to any WindowsSCOPE repository and analyzed using the WindowsSCOPE memory forensics tool.

CaptureGUARD Express

This is an ExpressCard device capable of capturing the physical memory of the computer it’s connected to. It creates memory dump files in the standard WinDD format that can be used with the WindowsSCOPE memory forensics tool or with other WinDD compatible tools.

CaptureGUARD Gateway

This is an ExpressCard device that enables access to locked Windows computers allowing memory acquisition and live analysis of these otherwise inaccessible systems. It operates on systems running Windows XP through Windows 7 with an ExpressCard slot. For Windows 8/10 or other operating systems and system configurations please contact support@windowsscope.com.