Comments on JL's stuff: /dev/crash Driver (blog by Jamie Levy; comment feed last updated 2022-03-09)

Anonymous, 2009-08-26 04:51 (-04:00):

Yep, I don't maintain zeppoo*, but it's very easy to patch range_is_allowed to have full access.

I think you are interested in forensics; you can check my latest tool http://www.esiea-recherche.eu/~desnos/draugr/index.html to get processes and process memory, and kernel symbols. Slides are available, and the paper is coming soon.

Best regards

Jamie Levy, 2009-08-26 11:55 (-04:00):

Thanks for the comment, Anthony :-)

draugr looks very cool! Thanks for letting me know about it, I'll definitely check it out :-)

Anonymous, 2009-08-26 13:32 (-04:00):

Yep, no problem.

Volatile is interesting, but it can't be used on a hardware memory dump on a Linux system, or on a system without LKM support.

In this case you can use draugr to get interesting information; maybe it's possible to add draugr inside Volatile (because it's in Python)?