Blog

Some Use Cases and Discussion
Top Ten Reasons to Perform Live Memory Forensics Collection

2. Some systems cannot be shut down so live analysis is the only option. Live data can be captured and analyzed offline. 3. It is highly useful to collect information about the kernel, processes, registry…

Rebooting Computing

Washington DC, December 9-11. BlueRiSC team and academic collaborators present a new direction for computing based on Bayesian inference and learning. It is one of the five presentations at the Rebooting Computing closed-door meeting organized in…

Introduction to 64-Bit Virtual Memory Management Video

You can access the video here.

Virtual Memory and Address Translating for x64

Pages are represented by Page Table Entries. A Page Table Entry is part of a virtual memory hierarchy. This hierarchy gives virtual to physical address mappings at the page granularity. From highest level to lowest,…

Check Open Registry Keys in Memory

To view the registry keys being used by Windows at the time of a snapshot, on the left panel go to Memory View → Summary of System Activity → Open Registry Keys. Open registry keys…

Introduction to 32-Bit Virtual Memory Management

You can access the video here.

Virtual Memory and Address Translating for x86 and x86 PAE

When a process starts on an x86 (32-bit) system, it is given 4GB (2^32 bytes = 4GB) of virtual memory. 4GB is a lot of memory and most processes don’t utilize the entire virtual memory space.…

Comparing Open Network Sockets

As an example, the FTP client FileZilla was used to create a local FTP server. Then, a computer on the same network attempted to connect to the server. A snapshot was taken on the host…

How to Compare Multiple Memory Snapshots

In this screenshot, the example snapshot ‘Before Installing Antivirus’ is selected. The view is on Memory View → Summary of System Activity → Open Files, which is showing the Open Files for just the…

Rootkit Video Series: Understand and Detect the Shadow Walker Rootkit

You can access the video here.
