Wednesday, May 23, 2012

Update to MESMER.py

MESMER.py (MEmoryze String MappER) is a tool I wrote a few weeks ago. Since then I've used it in every forensic investigation that involved memory analysis. When I first wrote the tool, I was still learning and understanding the SQLite database schema that Memoryze creates, which is why I wrote a disclaimer. Since then I have become confident that my process returns the exact same data you would get if you went through the results with the Auditviewer GUI.

Anyhow, using this tool so often, I started to get frustrated and to want more information on the pid itself. I just updated the code on git (https://github.com/JC-SoCal/MESMER) to offer more details on the pid.

Below is a screenshot from a case I'm working on with the new version. Let me know what you think and if there is a feature you want me to add to this. I think I'm going to put a flag for IP address in there next.

MESMER.py searching av.db for "devil1"
