Find evil in live memory
May 19, 2018. The 5.2.1 version of Image Lab™ Software is available as a free download on our website. Image Lab™ Software relates to Photo & Graphics Tools. This program is a product of Bio-Rad Laboratories. This download was scanned by our antivirus and was rated as virus free.
The image shown is an extreme case, given that it is not very warm to begin with. The screenshotted display was not opened in chrome, but I have tried that, and it doesn't change anything. I've sent the images to other devices and it's looked exactly the same as it does here, different than in lightroom, oversaturated with a red tint.
Mandiant's Memoryze™ is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images and on live systems can include the paging file in its analysis. Free plumbing design calculation software.
Memoryze can:
- Image the full range of system memory (no reliance on API calls).
- Image a process' entire address space to disk, including a process' loaded DLLs, EXEs, heaps and stacks.
- Image a specified driver or all drivers loaded in memory to disk.
- Enumerate all running processes (including those hidden by rootkits), including:
- Report all open handles in a process (including all files, registry keys, etc.)
- List the virtual address space of a given process including all loaded DLLs and all allocated portions of the heap and stack
- List all network sockets that the process has open, including any hidden by rootkits.
- Specify the functions imported and exported by the EXE and DLLs.
- Hash the EXE and DLLs in the process address space (MD5, SHA1, SHA256. This is disk based).
- Verify the digital signatures of the EXEs and DLLs (disk-based).
- Output all strings in memory on a per-process basis.
- Identify all drivers loaded in memory, including those hidden by rootkits. For each driver, Memoryze can:
- Specify the functions the driver imports and exports.
- Hash the driver (MD5, SHA1, and SHA256. disk-based).
- Verify the digital signature of the driver (disk-based).
- Output all strings in memory on a per driver basis.
- Report device and driver layering, which can be used to intercept network packets, keystrokes and file activity.
- Identify all loaded kernel modules by walking a linked list. Identify hooks (often used by rootkits) in system call table, the interrupt descriptor tables (IDTs) and driver function tables.
Memoryze for the Mac can:
Image Acquire Mac Os X
- Image the full range of system memory
- Acquire individual process memory regions
- Enumerate all running processes (including those hidden by rootkits).
- For each process Memoryze for the Mac can:
- Report all open file handles in a process (including all files, sockets, pipes, etc)
- List the virtual address space of a process including:
- loaded libraries
- allocated portions of heap and execution stack
- network connections
- all loaded kernel extensions, including those hidden by rootkits
- system call table and mach trap table
- all running mach tasks
- ASLR support
Image Acquire Mac
Mandiant's Memoryze can perform all these functions on live system memory or memory image files – whether they were acquired by Memoryze or other memory acquisition tools.