Try It

Full-Featured WindowsSCOPE Version

WindowsSCOPE Cyber Forensics 3.3 Trial

WindowsSCOPE is the next generation in memory forensics and cyber-attack fingerprinting technology for Microsoft Windows. To learn more, download the whitepaper or try the tool directly. You can also request a live demonstration at .

First-time users can try the full-featured 3-day trial version of WindowsSCOPE. Contains support for Windows XP, Windows Vista, Windows 7, Windows 8/8.1, and Windows 10 WinDD compatible memory dumps. For other operating systems and to request a demonstration contact

The $1 license fee is required so that we can validate users and prevent fraudulent use of WindowsSCOPE. The WindowsSCOPE Trial requires the completion of a brief online survey within 48 hours after expiration of the trial.

Option 1

Try WindowsSCOPE Cloud version at BlueRiSC Store (just select trial version, create account, and checkout).

  • Easy to use
  • Pre-installed with latest version of WindowsSCOPE (no setup or license file required)
  • Can be accessed from any computer (Windows/macOS)

Try Cloud Rental

Option 2

Try node-locked version by following these steps:

  1. Add this trial license to your cart using the “Add To Cart” button below and check out. A download link will be emailed to you following your purchase.
  2. We will contact you shortly after purchasing to provide a license file for your WindowsSCOPE trial as well as a link to the required, brief survey. By proceeding with purchase you agree to completing the brief online survey within 48 hours of expiration.

Product Description

A GUI-based memory forensic capture and analysis toolkit.  Allows for the import of  standard WinDD memory dumps which are then automatically reverse engineered and presented in an easy-to-view format for forensic analysis in a central location.  Applications include digital forensics, memory forensics, cyber crime investigation,  cyber defense, cyber attack detection, cyber analysis, and other reverse engineering activities.

Provides comprehensive capabilities for analyzing the Windows kernel and/or software applications, drivers, and DLLs as well as user activity.  Virtual and physical memory snapshots can be generated, compared, annotated, and analyzed from many different points of view. The system includes sophisticated disassembling, annotations, and program graphing capabilities. It also allows finding data artifacts such as credit card information, user logins, names,  URLs visited (even if programs have been terminated), etc.

Comes with WinDD compatible fetching mechanism and import capabilities. Compatible with optional CaptureGUARD hardware-based physical memory acquisition and Phantom Probe USB dongle memory fetching mechanism.

Watch our WindowsSCOPE use case videos here.

Contains support for Windows XP, Windows Vista, Windows 7, Windows 8/8.1, and Windows 10 WinDD compatible memory dumps. For other operating systems  contact

WindowsSCOPE Specification Documents: