A GUI-based memory forensic capture and analysis toolkit. Allows for the import of standard WinDD memory dumps which are then automatically reverse engineered and presented in an easy-to-view format for forensic analysis in a central location. Applications include digital forensics, memory forensics, cyber crime investigation, cyber defense, cyber attack detection, cyber analysis, and other reverse engineering activities.
Provides comprehensive capabilities for analyzing the Windows kernel and/or software applications, drivers, and DLLs as well as user activity. Virtual and physical memory snapshots can be generated, compared, annotated, and analyzed from many different points of view. The system includes sophisticated disassembling, annotations, and program graphing capabilities. It also allows finding data artifacts such as credit card information, user logins, names, URLs visited (even if programs have been terminated), etc.
Comes with a WinDD-compatible fetching mechanism and import capabilities. Compatible with the optional CaptureGUARD hardware-based physical memory acquisition and the Phantom Probe USB dongle memory-fetching mechanism.
Supports WinDD-compatible memory dumps from Windows XP, Windows Vista, Windows 7, Windows 8/8.1, and Windows 10. For other operating systems, contact firstname.lastname@example.org.