Updated on 15 Jul 2011
By Anthony Buckner
3.6 MB Safe To Install
Specifications
License: Freeware (Free)
Downloads: 434
Platform: Windows 2K / XP / 2003
Publisher: MANDIANT
Website: Unknown
Publisher's Descriptions
Mandiant Memoryze (formerly known as Mandiant Free Agent) is a free memory analysis utility that can not only acquire the physical memory from a Microsoft Windows system, but it can also perform advanced analysis of live memory while the computer is running. All analysis can be done either against an acquired image or a live system.

XML Scripts

Memoryze takes XML documents that define what to do, and Memoryze then outputs the result in XML format. The user can configure the individual parameters within each execution script in order to perform the desired actions.
Several default execution scripts are provided with Memoryze’s installation. These scripts include:
AcquireDriver.Batch.xml
AcquireMemory.Batch.xml
AcquireProcessMemory.Batch.xml
DriverAuditModuleList.Batch.xml
DriverAuditSignature.Batch.xml
ProcessAuditMemory.Batch.xml
RootkitAudit.Batch.xml

Each script’s options will be discussed in depth, with examples.

Batch Files

To make Memoryze easier to use, each execution script has been wrapped by a corresponding batch file. All the parameters in the XML execution script can be modified from the command line using arguments to the batch file. The batch files include:
MemoryDD.bat to acquire an image of physical memory.
ProcessDD.bat to acquire an image of the process’ address space.
DriverDD.bat to acquire an image of a driver.
Process.bat to enumerate everything about a process including handles, virtual memory, network ports, and strings.
HookDetection.bat to look for hooks within the operating system.
DriverSearch.bat to find drivers.
DriverWalkList.bat to enumerate all modules and drivers in a linked list.

Viewing the Results

Memoryze creates XML documents containing the analysis results. Currently, MANDIANT does not provide a stand-alone external viewer for Memoryze’s results. However, result files can be displayed in any XML viewer – such as Windows Internet Explorer, Mozilla Firefox, or even Microsoft Excel 2007. Be careful! Some XML viewers can be sluggish when loading large XML documents.

Executing Memoryze

There are two ways to use Memoryze.
One way is to use the XML command files native to Memoryze.exe. This requires editing the *.Batch.xml files to configure Memoryze to perform the desired tasks.
The other option is to use the command-line batch scripts provided. These batch scripts generate the XML command files for the desired audit using the options specified on the batch file command line.
Using the batch scripts eliminates the need to edit an XML file. These batch scripts are convenient for interactive use.

Using Memoryze with the XML Execution Scripts

Memoryze.exe is the executable that takes the command line parameters and executes the XML audit or script. Memoryze command line parameters are as follows:
-o [directory]
The optional directory argument specifies the location to store the results. If this location is not specified, the results are stored by default in /Audits//. is the name of the system on which Memoryze is executing, and is a date/time stamp in the format of YYYYMMDDHHMMSS.
-script
Executes the specified audit (*.Batch.xml)
-encoding [none|aff|gzip]
none – no encoding of the output
aff – compresses the output in an AFF evidence container
gzip – compresses the output in GZIP
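
An added example (not Mandiant's or this page's code) for the large-result caveat under "Viewing the Results" and the gzip encoding option above: it stream-parses a result file, plain or gzip-compressed, and counts records by element tag instead of loading the whole document into a viewer. Assumptions: a gzip-encoded result is a standard gzip stream of the same XML, records are direct children of the root element, and the element names in the sample are constructed, not Memoryze's actual schema.

```python
import gzip
import io
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample; the element names are hypothetical, not Memoryze's schema.
SAMPLE = b"""<?xml version="1.0"?>
<itemList>
  <ProcessItem><pid>4</pid><name>System</name></ProcessItem>
  <ProcessItem><pid>1337</pid><name>example.exe</name></ProcessItem>
  <DriverItem><name>example.sys</name></DriverItem>
</itemList>"""


def open_result(path):
    """Open a result file, decompressing it when it starts with the gzip magic."""
    with open(path, "rb") as fh:
        is_gzip = fh.read(2) == b"\x1f\x8b"
    return gzip.open(path, "rb") if is_gzip else open(path, "rb")


def iter_records(stream, record_depth=2):
    """Yield (tag, {child tag: text}) for each element at record_depth (root = 1).

    Each record is released after it is yielded, so memory use stays flat
    however large the document is.
    """
    depth, root = 0, None
    for event, elem in ET.iterparse(stream, events=("start", "end")):
        if event == "start":
            depth += 1
            root = elem if root is None else root
            continue
        if depth == record_depth:
            yield elem.tag, {c.tag: (c.text or "").strip() for c in elem}
            root.clear()  # drop the finished record from the in-memory tree
        depth -= 1


def summarize(stream):
    """Count records by element tag without loading the whole document."""
    return Counter(tag for tag, _ in iter_records(stream))


if __name__ == "__main__":
    print(summarize(io.BytesIO(SAMPLE)))
    for tag, fields in iter_records(io.BytesIO(SAMPLE)):
        print(tag, fields)
```

AFF-encoded output is not handled here; it needs an AFF-aware reader before the XML can be parsed.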
