October 18, 2011

Process Dumper

Process Dumper makes a dump of a running process in a forensically sound manner.
Features

* dumps the whole process space (all data and code mappings)
* uses meta information to describe the different mappings (needed for advanced analysis)
* also saves the process environment and state
* outputs to stdout, so it's possible to combine it with other tools (netcat etc.)
* doesn't touch the hard disk at all
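The features above describe the general shape of a process dump: walk the mappings of the target, record the metadata of each mapping next to its bytes, grab the environment, and stream everything to stdout so it never has to be written to the local disk. The Python script below is an added illustration of that approach written for this page; it is not Process Dumper's own code and does not reproduce its output format. It assumes a Linux host, where the mappings come from /proc/<pid>/maps, the memory from /proc/<pid>/mem and the environment from /proc/<pid>/environ (reading another process's memory this way needs ptrace permission on the target); the header format and the constructed sample address space are assumptions of the example.

```python
import io
import re
import sys
from dataclasses import dataclass
from typing import BinaryIO, List

# One line of /proc/<pid>/maps: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    offset: int
    dev: str
    inode: int
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> List[Mapping]:
    """Parse the text of /proc/<pid>/maps into Mapping records (the meta information)."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a mapping line
        mappings.append(Mapping(
            start=int(m["start"], 16), end=int(m["end"], 16), perms=m["perms"],
            offset=int(m["offset"], 16), dev=m["dev"], inode=int(m["inode"]),
            path=m["path"].strip()))
    return mappings


def dump_mappings(mappings: List[Mapping], mem: BinaryIO, out: BinaryIO) -> List[dict]:
    """Write every readable mapping to `out` as a metadata header line followed by the raw
    bytes. `mem` is a seekable view of the target address space (on Linux /proc/<pid>/mem
    opened unbuffered). Returns an index of what was written so a caller can keep a manifest."""
    index = []
    for m in mappings:
        if "r" not in m.perms:
            continue  # unreadable regions (e.g. ---p guard pages) cannot be copied
        try:
            mem.seek(m.start)
            data = mem.read(m.size) or b""
        except OSError:
            continue  # some special regions refuse reads through /proc/<pid>/mem
        header = (f"MAP start={m.start:#x} end={m.end:#x} perms={m.perms} "
                  f"offset={m.offset:#x} inode={m.inode} path={m.path or '[anon]'} "
                  f"len={len(data)}\n").encode()
        out.write(header)
        out.write(data)
        index.append({"start": m.start, "path": m.path, "len": len(data)})
    return index


def dump_live_process(pid: int, out: BinaryIO = sys.stdout.buffer) -> List[dict]:
    """Linux only: stream a running process (environment, then all readable mappings)
    to `out`, stdout by default, so nothing is written to the local disk."""
    with open(f"/proc/{pid}/maps") as f:
        mappings = parse_maps(f.read())
    with open(f"/proc/{pid}/environ", "rb") as f:
        env = f.read()
    out.write(b"ENV len=%d\n" % len(env))
    out.write(env)
    with open(f"/proc/{pid}/mem", "rb", buffering=0) as mem:
        return dump_mappings(mappings, mem, out)


# Constructed sample: a tiny fake address space of 64 bytes with four mappings,
# one of them unreadable. Used so the logic can be exercised without a live process.
CONSTRUCTED_MAPS = """\
00000000-00000010 r-xp 00000000 08:01 1234 /constructed/bin
00000010-00000020 rw-p 00000010 08:01 1234 /constructed/bin
00000020-00000030 ---p 00000000 00:00 0
00000030-00000040 rw-p 00000000 00:00 0 [stack]
"""


def demo():
    """Run the dump over the constructed sample; returns (mappings, index, dump bytes)."""
    mappings = parse_maps(CONSTRUCTED_MAPS)
    mem = io.BytesIO(bytes(range(0x40)))
    out = io.BytesIO()
    index = dump_mappings(mappings, mem, out)
    return mappings, index, out.getvalue()


if __name__ == "__main__":
    if len(sys.argv) == 2:
        dump_live_process(int(sys.argv[1]))  # e.g. python3 dump.py <pid> | nc host port
    else:
        _, idx, _ = demo()
        print(idx, file=sys.stderr)
```

Piping the script's stdout into netcat, as the feature list suggests, keeps the dump off the machine under investigation; the per-mapping header lines carry the permissions, file offset and path that later analysis needs to tell code from data and file-backed from anonymous memory.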

Website
trapkit.de/research/forensic/pd
