Physical Memory 2.04 Beta Now Available
Aug 18, 2009
Quick update, we've put up the newest version of F-Response 2.04 Beta on the Downloads page. Read on for more details...
Special thanks go out to Gordon Mitchell PhD (eSleuth.com). Gordon was instrumental in assisting us with developing a much cleaner GUI presentation of Physical Memory, as well as clearing up some typical usage scenarios for Windows Vista Home Premium edition. Thanks Gordon, much appreciated!
Thanks to Gordon's advice, we've adjusted the Physical Memory UI to indicate "Enabled or Disabled". As you would imagine, selecting Enabled and pressing start will result in Physical Memory being presented. Of course, conversely, selecting Disabled and pressing start will result in Physical Memory not being presented.
Next, let me take a minute to show you what physical memory looks like.
Since in the world of F-Response all remote data is presented as a disk, Physical Memory on the remote machine is therefore also presented as a disk. When Physical Memory has been enabled on the F-Response console or command line, the disk representing physical memory will be displayed as the last disk in the series during iSCSI discovery.
In addition, since Windows has no native file system drivers for Physical Memory (hint: this would be a very interesting complementary tool!), you will have to open up the newly attached physical disk using any Computer Forensic application. At that point you can perform analysis or acquire an image.
The above screen capture shows what happens when you review the Windows Disk Management Console after attaching to a remote computer's physical memory using F-Response. As you can see, Windows is unable to interpret the file structure of the disk and indicates it is un-initialized and of an Unknown type.
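To make the "acquire an image" step concrete, here is an added example (not F-Response code) that copies a raw disk to an image file in fixed-size chunks, hashes what it writes, and zero-fills any range that cannot be read so image offsets stay aligned with the source. The device path, the command-line arguments and the `acquire` helper are assumptions for illustration; the disk size is supplied by the examiner.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # 1 MiB; a multiple of the 512-byte sector size raw devices expect


def acquire(src, dst, total_size, chunk=CHUNK):
    """Copy total_size bytes from src to dst.

    Returns (sha256_hex_of_image, unreadable_ranges). A range that raises
    OSError, or comes back short, is zero-filled in the image and recorded
    as (start, end) so the examiner knows which bytes are padding.
    """
    digest = hashlib.sha256()
    unreadable = []
    offset = 0
    while offset < total_size:
        want = min(chunk, total_size - offset)
        try:
            src.seek(offset)
            data = src.read(want)
        except OSError:
            data = b""  # treat the whole chunk as unreadable
        if len(data) < want:
            unreadable.append((offset + len(data), offset + want))
            data += b"\x00" * (want - len(data))
        dst.write(data)
        digest.update(data)
        offset += want
    return digest.hexdigest(), unreadable


if __name__ == "__main__":
    import sys
    # Assumed usage: acquire.py <device> <image> <size-in-bytes>
    # e.g. device = \\.\PhysicalDrive2 (hypothetical number; the memory disk
    # is the last disk in the series after iSCSI discovery).
    device, image, size = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(device, "rb") as s, open(image, "wb") as d:
        sha256, bad = acquire(s, d, size)
    print("sha256:", sha256)
    print("zero-filled ranges:", bad)
```

Because the remote machine's memory keeps changing while it is read, the hash identifies the image file that was written; a second acquisition of the same machine will not produce the same value.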
Thanks, and if you are interested in trying out F-Response 2.04 Beta, remember, the newest F-Response 2.04 Physical Memory Betas are available on the Downloads page and are useable by all registered customers (including valid Demo License Dongle holders).
Warmest Regards,
M. Shannon, Founder
F-Response
November 10, 2008