Is it possible to get information like process ID, process type, physical & virtual address from a memory dump in Windows 10?
It isn't the avenue for this question. You may ask it somewhere in a Windows 10 product forum. And plus it doesn't fit in the forensics space. – Arun Anson, commented Jan 8, 2016 at 9:33
Question in title doesn't seem to match the question in the body. Which are you asking? – schroeder, commented Jan 8, 2016 at 16:56
1 Answer
There are several tools that are able to dump the memory of a Windows system by using their own drivers to access the memory directly. You can find a list of these tools here.
You can then analyse the generated image with a memory forensics framework like Volatility.