Memoryze 3.0



Memoryze is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems, can include the paging file in its analysis. Features include imaging the full range of system memory, imaging a process's entire address space to disk, enumerating all running processes, identifying all drivers loaded in memory, including those hidden by rootkits, and reporting device and driver layering, which can be used to intercept network packets, keystrokes, file activity and much more.


Mandiant Memoryze (formerly known as Mandiant Free Agent) is a free memory analysis utility that can not only acquire the physical memory from a Microsoft Windows system, but it can also perform advanced analysis of live memory while the computer is running. All analysis can be done either against an acquired image or a live system.

Memoryze takes XML documents that define what to do, and Memoryze then outputs the result in XML format. The user can configure the individual parameters within each execution script in order to perform the desired actions.
Several default execution scripts are provided with Memoryze’s installation. These scripts include:
AcquireDriver.Batch.xml
AcquireMemory.Batch.xml
AcquireProcessMemory.Batch.xml
DriverAuditModuleList.Batch.xml
DriverAuditSignature.Batch.xml
ProcessAuditMemory.Batch.xml
RootkitAudit.Batch.xml

Each script’s options will be discussed in depth, with examples.

To make Memoryze easier to use, each execution script has been wrapped by a corresponding batch file. All the parameters in the XML execution script can be modified from the command line using arguments to the batch file. The batch files include:
MemoryDD.bat to acquire an image of physical memory.
ProcessDD.bat to acquire an image of the process’ address space.
DriverDD.bat to acquire an image of a driver.
Process.bat to enumerate everything about a process including handles, virtual memory, network ports, and strings.
HookDetection.bat to look for hooks within the operating system.
DriverSearch.bat to find drivers.
DriverWalkList.bat to enumerate all modules and drivers in a linked list.

There are two ways to use Memoryze.
One way is to use the XML command files native to Memoryze.exe. This requires editing the Batch.xml files to configure Memoryze to perform the desired tasks.
The other option is to use the command-line batch scripts provided. These batch scripts generate the XML command files for the desired audit using the options specified on the batch file command line.




Platform: Windows XP/Vista/7/8/8.1/10
License: Freeware
Author: Website
Size: 6.66MB


SHA256: 957a2ae78cc1fe0bc6fec126dac1224bbd4a60dcf52b12034e1a82d104dfb006
