RAM Scraper

Looking for a working RAM Scraper malware/tool to extract memory of processes and dump to a file. Any kind of tool/malware.

Thanks

You can use a couple of

You can use a couple of them
Free tools
==============
Mandiant Memoryze with AuditViewer
PTFinder
pmdump
pd.exe
foremost to analyze it
Windows Memory crash dump

Commercial
============
HBGary

Re:RAM Scraper

If you have access to HB Gary's software, that would be my primary choice, as #alfredhitchcock suggested. Alternatively, you could use EnCase with their EnScripts... but I don't really suggest that... If you are looking for more of an environment for this kind of analysis, I strongly suggest Sift's 2.0 kit, which can be found in the link below. It just requires free registration. The specific tool you're looking for is 'Volatility', which can also be downloaded separately.

Process:
1. Dump RAM with win32dd.exe # win32dd.exe /r /f ramDump.dmp
2. Use Volatility to find the PID for the process in question # volatility pslist -f ramDump.dmp
3. Use Volatility to dump all addressable memory for a particular process # volatility memdmp -f ramDump.dmp -p PID_number

Look around in the Volatility toolkit... I think you'll find it to be one of the more complete kits out there.

Sites:
____________________________________________________________
Volatility site:
https://www.volatilesystems.com/volatility/1.3/README.txt

Sift 2.0:
https://computer-forensics2.sans.org/community/siftkit/

win32dd:
http://moonsols.com/component/jdownloads/view.download/3/2

I think HBGary has a free

I think HBGary has a free version of their utility too; check out the community edition.

https://www.hbgary.com/products-services/fastdump/