WindowsSCOPE

Memory forensics and reverse engineering product


Name: WindowsSCOPE
Developer: WindowsSCOPE
Platform: Windows, Cloud
Language: English
Genre: Computer forensics, reverse engineering
Website: http://www.windowsscope.com

WindowsSCOPE is a memory forensics and reverse engineering product for Windows used for acquiring and analyzing volatile memory. One of its uses is in the detection and reverse engineering of rootkits and other malware. WindowsSCOPE supports acquisition and analysis of Windows computers running Windows XP through Windows 10.

Acquisition

WindowsSCOPE supports both software-based and hardware-assisted acquisition, for locked as well as unlocked computers. The WindowsSCOPE add-on acquisition hardware reads system memory directly over the PCI Express bus, so the capture does not depend on the cooperation of the running operating system; this is what makes acquisition from a locked machine possible. Memory snapshots acquired with WindowsSCOPE are stored in a repository, and snapshots in the repository can be compared with one another to track changes in the system over time.

Analysis

WindowsSCOPE shows the processes, DLLs, and drivers running on the computer at the time of the memory snapshot, as well as open network sockets, file handles, and registry key handles. It also provides disassembly and control-flow graphing for executable code. WindowsSCOPE Live is a version of the tool that allows analysis to be performed from a mobile device.
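The snapshot comparison described under Acquisition, and a consistency check across the process and socket listings described above, as an added example (this is not WindowsSCOPE code and not its output format; the three snapshot inventories are constructed by hand, and every process, driver, and port in them is fictitious):

```python
"""Track changes between memory snapshots held in a repository.

Added example, not WindowsSCOPE code or output: the snapshot inventories
below are constructed by hand to resemble the listings a memory-analysis
tool produces (processes, loaded drivers, open sockets). All process,
driver and port names are fictitious.
"""
from typing import Dict, Hashable, List, Set, Tuple

# A snapshot maps an artifact category to the set of artifacts observed.
Snapshot = Dict[str, Set[Hashable]]
# Per category: (added, removed) relative to an earlier snapshot.
Delta = Dict[str, Tuple[Set[Hashable], Set[Hashable]]]

# Constructed repository: three snapshots of one host, oldest first.
# Process entries are (pid, image name); sockets are (proto, addr, port, owner pid).
SNAPSHOT_REPOSITORY: List[Tuple[str, Snapshot]] = [
    ("t0-baseline", {
        "processes": {(4, "System"), (512, "winlogon.exe"), (700, "svchost.exe"),
                      (1204, "explorer.exe")},
        "drivers": {"ntoskrnl.exe", "hal.dll", "tcpip.sys"},
        "sockets": {("TCP", "0.0.0.0", 135, 700)},
    }),
    ("t1-after-login", {
        "processes": {(4, "System"), (512, "winlogon.exe"), (700, "svchost.exe"),
                      (1204, "explorer.exe"), (2048, "updater.exe")},
        "drivers": {"ntoskrnl.exe", "hal.dll", "tcpip.sys", "unk0.sys"},
        "sockets": {("TCP", "0.0.0.0", 135, 700), ("TCP", "0.0.0.0", 4444, 2048)},
    }),
    ("t2-one-hour-later", {
        "processes": {(4, "System"), (512, "winlogon.exe"), (700, "svchost.exe"),
                      (1204, "explorer.exe")},
        "drivers": {"ntoskrnl.exe", "hal.dll", "tcpip.sys", "unk0.sys"},
        "sockets": {("TCP", "0.0.0.0", 135, 700), ("TCP", "0.0.0.0", 4444, 2048)},
    }),
]


def diff_snapshots(before: Snapshot, after: Snapshot) -> Delta:
    """Per category, return (added, removed): what `after` has that `before`
    lacked, and what `before` had that is now gone."""
    delta: Delta = {}
    for category in sorted(set(before) | set(after)):
        old = before.get(category, set())
        new = after.get(category, set())
        delta[category] = (new - old, old - new)
    return delta


def artifact_timeline(repo: List[Tuple[str, Snapshot]]) -> Dict[Tuple[str, Hashable], List[str]]:
    """Map each (category, artifact) to the ordered labels of the snapshots in
    which it was present, so an analyst can see when something first appeared."""
    presence: Dict[Tuple[str, Hashable], List[str]] = {}
    for label, snapshot in repo:
        for category, artifacts in snapshot.items():
            for artifact in artifacts:
                presence.setdefault((category, artifact), []).append(label)
    return presence


def transient_artifacts(repo: List[Tuple[str, Snapshot]]) -> Set[Tuple[str, Hashable]]:
    """Artifacts absent at the start that appeared and had vanished again by the
    final snapshot. A single snapshot never shows these; only a series does."""
    first_label, last_label = repo[0][0], repo[-1][0]
    return {key for key, labels in artifact_timeline(repo).items()
            if first_label not in labels and last_label not in labels}


def orphaned_sockets(snapshot: Snapshot) -> Set[Hashable]:
    """Cross-check two listings from one snapshot: sockets whose owning PID has
    no entry in the process list. Either the process exited and left the
    endpoint behind, or the process list is incomplete (for example a process
    hidden from it), which is worth a closer look."""
    pids = {pid for pid, _name in snapshot.get("processes", set())}
    return {sock for sock in snapshot.get("sockets", set()) if sock[3] not in pids}


if __name__ == "__main__":
    for (prev_label, prev), (cur_label, cur) in zip(SNAPSHOT_REPOSITORY, SNAPSHOT_REPOSITORY[1:]):
        print(f"{prev_label} -> {cur_label}")
        for category, (added, removed) in diff_snapshots(prev, cur).items():
            for item in sorted(added, key=repr):
                print(f"  + {category}: {item}")
            for item in sorted(removed, key=repr):
                print(f"  - {category}: {item}")
        for sock in sorted(orphaned_sockets(cur), key=repr):
            print(f"  ! orphaned socket in {cur_label}: {sock}")
    print("transient:", sorted(transient_artifacts(SNAPSHOT_REPOSITORY), key=repr))
```

Run stand-alone, the script reports the driver and process that appear between the first two snapshots, the process that is gone by the third while its listening socket remains, and the process as a transient artifact that a single capture would have missed. The orphaned-socket check is a generic analyst cross-check over the kinds of listings the tool produces, not a documented WindowsSCOPE feature.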

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.