Ange Olivier Ambemou

Netwitness Endpoint live memory analysis

Discussion created by Ange Olivier Ambemou on Dec 8, 2016

Hello All,


I am searching for some information about how Netwitness Endpoint performs live memory analysis:


1 - The agent installs as a kernel-mode driver

2 - It uses the Windows API to compare the in-memory and on-disk images (any more details?)


Thanks for your help.