Archive for 'December 2008'
Integrate EnCase, Memoryze, and Audit Viewer with MemScript
Memoryze is a great tool for memory analysis, but what makes it even stronger is that it can be integrated with other tools to help with incident response. These other tools can be leveraged to bring Memoryze's capabilities to remote hosts. If your organization has not deployed or piloted MANDIANT Intelligent Response (MIR), you can use Encase Enterprise Edition (EEE) to gain access to remote memory. Just like with MIR, using EEE you are able to collect volatile data with "snapshots" and also have the ability to access memory on a remote system.