- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
The Memory Process File System is an easy and convenient way of accessing physical memory as files a virtual file system.
Easy trivial point and click memory analysis without the need for complicated commandline arguments! Access memory content and artifacts via files in a mounted virtual file system or via a feature rich application library to include in your own projects!
Analyze memory dump files, live memory via DumpIt or WinPMEM, live memory in read-write mode via linked PCILeech and PCILeech-FPGA devices!
It's even possible to connect to a remote LeechAgent memory acquisition agent over a secured connection - allowing for remote live memory incident response - even over higher latency low band-width connections!
Use your favorite tools to analyze memory - use your favorite hex editors, your python and powershell scripts, WinDbg or your favorite disassemblers and debuggers - all will work trivally with the Memory Process File System by just reading and writing files!
Download MemProcFS