[Crash-utility] DD image

Amer Aljaedi amer4554 at gmail.com
Tue Apr 12 18:38:21 UTC 2011


Hi,

Recently, some forensic research suggested utilizing the Crash utility as
an independent solution to parse Linux memory dumps in order to extract
forensic artifacts. But in real forensic cases where there is a need for
minimizing the footprint on the compromised system, the forensic analyst
would perform only one action, which is physical memory capture to minimize
the footprint with dd. I just wonder if there is any chance that the Crash
utility would support a dd image.

Thanks,
Amer