Ange Olivier Ambemou

Netwitness Endpoint live memory analysis

Discussion created by Ange Olivier Ambemou on Dec 8, 2016

Hello All,

 

I am searching for some information about how Netwitness Endpoint does live memory analysis:

1 - the agent installs as a kernel-mode driver

2 - it uses the Windows API to compare the in-memory and on-disk images (any more details?)

 

Thanks for your help.
