Hi Stefan. Yes, if you can use EnCase, I-Look or FTK you can easly analyze MS pagefiles.sys.
But note that EnCase and FTK are commercial products. By the way you can take I-Look from www.ilook-forensics.org For I-Look you have to be in Government employment. It's a free tool. -----Original Message----- From: Stefan Kelm [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 30, 2006 3:45 PM To: [email protected] Subject: analyzing pagefile.sys Folks, are there tools other than grep, strings, etc. that allow me to analyze a windows swap file (pagefile.sys)? Cheers, Stefan. -------------------------------------------------------- Stefan Kelm Security Consultant Secorvo Security Consulting GmbH Ettlinger Strasse 12-14, D-76137 Karlsruhe Tel. +49 721 255171-304, Fax +49 721 255171-100 [EMAIL PROTECTED], http://www.secorvo.de/ ------------------------------------------------------- PGP Fingerprint 87AE E858 CCBC C3A2 E633 D139 B0D9 212B
