Features and Use Cases

These videos are provided to help familiarize you with the features of WindowsSCOPE and CaptureGUARD accessories. Use these video demonstrations together with the quick start guide to quickly learn your way around. New users should start with the introduction video. Once you’ve learned the basics of WindowsSCOPE, you can move on to the more advanced reverse engineering use case videos.

Unlock any Windows Computer with CaptureGUARD Gateway

This video demonstrates accessing locked computers for different versions of laptops and OS.

WindowsSCOPE Cyber Forensics: Introduction to Memory Forensics and Reverse Engineering

This is the recommended starting video for new users. This tutorial video will help you get familiar with the WindowsSCOPE interface and introduce you to many of its unique features. This video, in conjunction with the WindowsSCOPE Quick Start Guide, will be all that is needed to get started on creating your own projects and using all that WindowsSCOPE has to offer.

Using WindowsSCOPE to Reverse Engineer 32-Bit Virtual Memory Management/ Access all Paging Structures

This instructional video uses WindowsSCOPE to show how virtual memory and paging work on 32-bit Windows systems. Covered topics include page table entries, physical address extension, and the no-execute bit.

Using WindowsSCOPE Cyber Forensics Tool to Reverse Engineer and Graph the Windows Kernel

This video explores the internals of the Windows operating system including the IDT, SSDT, and DLL imports and exports.  It is recommended that you familiarize yourself with the WindowsSCOPE software by reviewing the Quick Start Guide or watching the WindowsSCOPE introduction video prior to viewing this.

Using WindowsSCOPE Memory Forensics Tool to Reverse Engineer 64-Bit Virtual Memory Management

This instructional video picks up where the 32-bit virtual memory management video left off by illustrating how the principles of virtual memory management are extended to 64-bit systems.  We recommend getting familiar with 32-bit virtual memory management prior to advancing to this video.

Using WindowsSCOPE to Reverse Engineer and Analyze the Shadow Walker Rootkit Cyber Attack

This video demonstrates how WindowsSCOPE can be used to reverse engineer real malware and rootkits. In this video we investigate the Shadow Walker rootkit. The Shadow Walker rootkit is capable of hiding malicious programs running on a system from detection by virus scanners and other anti-malware agents. This is achieved through clever hooks into the virtual memory system, which prevent these detection mechanisms from seeing the actual malicious code that is executing. This video illustrates how these hooks can be uncovered through the use of WindowsSCOPE.