TheInfoList
WindowsSCOPE is a memory forensics and reverse engineering product for Windows used for acquiring and analyzing volatile memory. One of its uses is in the detection and reverse engineering of rootkits and other malware. WindowsSCOPE supports acquisition and analysis of Windows computers running Windows XP through Windows 10.


Acquisition

WindowsSCOPE supports both software-based and hardware-assisted acquisition, for locked as well as unlocked computers. The WindowsSCOPE add-on hardware for memory acquisition uses the PCI Express bus for direct access to system memory. Memory snapshots acquired with WindowsSCOPE are stored in a repository, where they can be compared to track changes in the system over time.


Analysis

WindowsSCOPE shows the processes, DLLs, and drivers running on the computer at the time of the memory snapshot, as well as open network sockets, file handles, and registry key handles. It also provides disassembly and control-flow graphing for executable code. WindowsSCOPE Live is a version of the tool that allows analysis to be performed from a mobile device.
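As an added example of the snapshot comparison described under Acquisition and the process, driver and socket views described here (example code, not WindowsSCOPE's own; the inventory data and field names are constructed assumptions):

```python
# Added example: diff two memory-snapshot inventories to track changes over time.
# Snapshot data below is constructed (not WindowsSCOPE output); field names are assumptions.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Proc:
    pid: int
    name: str

@dataclass(frozen=True)
class Socket:
    pid: int      # owning process
    proto: str
    port: int

@dataclass
class Snapshot:
    processes: set = field(default_factory=set)
    drivers: set = field(default_factory=set)   # loaded driver image names
    sockets: set = field(default_factory=set)

def sort_key(x): return (x.pid, getattr(x, "port", 0))

def compare(before: Snapshot, after: Snapshot) -> dict:
    """Report what appeared or disappeared between two snapshots, plus a cross-view
    check: a socket whose owning PID has no process entry deserves a closer look."""
    pids = {p.pid for p in after.processes}
    return {
        "new_processes": sorted(after.processes - before.processes, key=sort_key),
        "gone_processes": sorted(before.processes - after.processes, key=sort_key),
        "new_drivers": sorted(after.drivers - before.drivers),
        "gone_drivers": sorted(before.drivers - after.drivers),
        "new_sockets": sorted(after.sockets - before.sockets, key=sort_key),
        "orphan_sockets": sorted((s for s in after.sockets if s.pid not in pids), key=sort_key),
    }

# Constructed snapshots: one process, one driver and two sockets appear in the
# second; the socket on PID 3160 has no matching process entry.
BEFORE = Snapshot(
    processes={Proc(4, "System"), Proc(620, "services.exe"), Proc(1188, "explorer.exe")},
    drivers={"ntoskrnl.exe", "tcpip.sys", "ndis.sys"},
    sockets={Socket(4, "tcp", 445)},
)
AFTER = Snapshot(
    processes=BEFORE.processes | {Proc(2044, "updater.exe")},
    drivers=BEFORE.drivers | {"hlpdrv.sys"},
    sockets=BEFORE.sockets | {Socket(2044, "tcp", 8080), Socket(3160, "tcp", 8443)},
)

def report() -> dict:
    return compare(BEFORE, AFTER)
```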



External links


WindowsSCOPE Web Site