Sandman Version 1.0.080226

By Andreas Schuster
Copyright © 2008 int for(ensic){blog;}. All rights reserved. Reproduction for commercial purposes (including online advertisement) interdicted.

Matthieu Suiche and Nicolas Ruff have just released their first public version of the Sandman Framework.

Sandman parses the hibernation file. As it can be seen from a sample program, only a few lines of Python code suffice to convert the hibernation file into a raw ("dd-style") memory image.

Download the Sandman Framework here.

This entry was posted on Tuesday, February 26th, 2008 at 11:50 pm and is filed under Forensic news. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Acquisition (4): hiberfil.sys
The Implementation by Vendor “S”
The Implementation by Vendor “X”
win32dd Version 1.1
MDD Version 1.2

Sandman Version 1.0.080226

at Forensic scientist’s blog

Sandman Version 1.0.080226

Forensic Science communications

Pages

Categories

Blogroll

Archives