Search Results for :


Support

We at BlueRiSC are delighted to provide you with support and encourage you to contact us should you have issues or technical questions. Customers can flag questions that are highly technical so that we can direct them to developers immediately, cutting down on the cycle needed to get an adequate level of depth into the response. We can be contacted through live…


Check Open Registry Keys in Memory

To view the registry keys being used by Windows at the time of a snapshot, on the left panel go to Memory View → Summary of System Activity → Open Registry Keys. Open registry keys can be viewed per process as well by going to Memory View → Processes → Open Registry Keys. From the example snapshot, after viewing…


Virtual Memory and Address Translating for x64

Pages are represented by Page Table Entries. A Page Table Entry is part of a virtual memory hierarchy. This hierarchy gives virtual to physical address mappings at the page granularity. From highest level to lowest, the hierarchy looks like this: Page Map Level → Page Directory Pointers → Page Directories → Page Tables → Page Table Entries. Every virtual address has a Page…


Virtual Memory and Address Translating for x86 and x86 PAE

When a process starts on an x86 (32-bit) system, it is given 4GB (2^32 = 4GB) of virtual memory. 4GB is a lot of memory and most processes don’t utilize the entire virtual memory space. Memory is broken up into pages of 4KB (2^12 = 4KB). This gives each process access to 2^20 pages (2^32 ÷ 2^12 = 2^20) of…


Comparing Open Network Sockets

As an example, the FTP client FileZilla was used to create a local FTP server. Then, a computer on the same network attempted to connect to the server. A snapshot was taken on the host computer once the server was up and running, but before any connections were made to the server. Another snapshot was taken after the remote computer…


Home

Windows Memory Forensics & Incident Response Tools, Accessories & Solutions

WindowsSCOPE is an incident response tool which enables memory forensics for Windows computers. It performs reverse-engineering of the entire operating system from physical memory as well as all running software. It automatically identifies all processes, threads, and drivers running on the system as well as other system activity including open…
