Windows Memory Forensics & Incident Response
Tools, Accessories & Solutions
WindowsSCOPE is an incident response tool which enables memory forensics for Windows computers. It performs reverse-engineering of the entire operating system from physical memory as well as all running software. It automatically identifies all processes, threads, and drivers running on the system as well as other system activity including open files, registry keys, and network sockets. It supports the latest Windows versions through Windows 10 and also has advanced data search capabilities to find URLs, credit cards, names, etc. in captured memory. It is the next generation in live memory forensics tools and memory forensics technologies — with customers in 18 countries including US, Canada, Europe, and Asia. It provides the most sophisticated memory forensics analysis for security breaches. Now offering cloud rentals and node-locked version.
CaptureGUARD and Phantom Probe hardware accessories provide memory acquisition and magical access to locked computers (access live memory and encrypted disks without needing password).
Unlock Windows Computers with CaptureGUARD Gateway
Watch WindowsSCOPE in Action Detecting Stealth Rootkits
WindowsSCOPE Phantom Probe
A USB 3.0 dongle containing the WindowsSCOPE Phantom Probe that complements WindowsSCOPE Memory Forensics products. This dongle runs the WindowsSCOPE Phantom Probe Agent capable of capturing a WindowsSCOPE memory snapshot from any supported Windows computer. Captured snapshots can be imported to any WindowsSCOPE repository and analyzed using the WindowsSCOPE memory forensics tool.
This is an ExpressCard device capable of capturing the physical memory of the computer it’s connected to. It creates memory dump files in the standard WinDD format that can be used with the WindowsSCOPE memory forensics tool or with other WinDD compatible tools.
This is an ExpressCard device that enables access to locked Windows computers allowing memory acquisition and live analysis of these otherwise inaccessible systems. It operates on systems running Windows XP through Windows 7 with an ExpressCard slot. For Windows 8/10 or other operating systems and system configurations please contact firstname.lastname@example.org.