Hi!

On Sun, Jul 27, 2008 at 1:07 AM, Eduardo Júnior <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
>
> How can I analyze a dump of memory?

Simple... treat it like you analyze the content of physical RAM, e.g.
you know the physical address of a process, then use hexdump to read
the related offset inside the dumped /dev/mem.

> I get this dump from running the following command:
>
> # dd if=/dev/mem of=/root/memory.dump
>
> # file memory.dump
> memory.dump: data
>
> I can only use the strings command together with grep.
> Is there any other kind of analysis?

Lots of them... google for "computer forensic". Phrack has some very
interesting articles about it... check them out too. I remember a
guy... Michal Zalewski IIRC. He writes some memory forensic tools,
might be interesting for you too.

regards,

Mulyadi.

--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to [EMAIL PROTECTED]
Please read the FAQ at http://kernelnewbies.org/FAQ
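
An added example (not part of the original thread) of the two approaches the reply mentions: dumping bytes at a known offset, and searching printable strings while keeping their offsets so a hit can be inspected in context. The sample buffer and all function names are constructed for illustration; it assumes the dump was copied from the start of /dev/mem without gaps, so that a file offset corresponds to a physical address.

```python
import re

def build_sample():
    """Constructed stand-in for a /dev/mem dump: zero bytes plus planted strings."""
    dump = bytearray(0x1000)
    planted = ((0x100, b"PATH=/usr/bin:/bin"), (0x800, b"ssh-agent -s"),
               (0xC10, b"HOME=/root"))
    for off, s in planted:
        dump[off:off + len(s)] = s
    return bytes(dump)

def extract_strings(buf, min_len=4):
    """Yield (offset, text) for each printable-ASCII run, like `strings -t x`."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, buf):
        yield m.start(), m.group().decode("ascii")

def grep_strings(buf, pattern, min_len=4):
    """Return (offset, text) pairs matching a regex, like `strings | grep`."""
    rx = re.compile(pattern)
    return [(off, s) for off, s in extract_strings(buf, min_len) if rx.search(s)]

def hexdump_at(buf, offset, length=32):
    """Format `length` bytes from `offset` in the style of `hexdump -C`."""
    end = min(offset + length, len(buf))
    lines = []
    for base in range(offset, end, 16):
        chunk = buf[base:min(base + 16, end)]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b <= 0x7e else "." for b in chunk)
        lines.append(f"{base:08x}  {hexpart:<47}  |{text}|")
    return lines

if __name__ == "__main__":
    dump = build_sample()
    # For a real dump, map the file instead of reading it all into RAM:
    #   import mmap
    #   f = open("/root/memory.dump", "rb")
    #   dump = mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ)
    for off, s in grep_strings(dump, r"^(PATH|HOME)="):
        print(f"{off:#x}: {s}")
        print("\n".join(hexdump_at(dump, off, 32)))
```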
