Performing memory analysis in incident response investigations can be tedious and challenging because of a lack of commercial options for processing memory samples, the absence of an all-in-one open-source tool for processing them, and a shortage of the knowledge and skill needed to do so.
Recognizing this, CrowdStrike Services created SuperMem, an open-source Windows memory processing script that helps investigators consistently and quickly process memory samples in their investigations.
SuperMem, or “winSuperMem.py,” is a Python script that will parse Windows memory samples in a consistent, quick and selective way. It is backed by a triage-type methodology that makes the tool easy to use and therefore more accessible to forensic analysts. The triage-type methodology consists of three types: Quick, Full and Comprehensive.
SuperMem currently consists of one Python script, “winSuperMem.py,” that is meant for processing Windows memory images. By running SuperMem with a specified triage type (Quick, Full or Comprehensive), the script will process the memory sample in several ways.
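The following is an added illustration of the triage-type idea described above; it is not SuperMem's code and does not reproduce what winSuperMem.py actually runs. It assumes a cumulative model in which Quick, Full and Comprehensive each add processing steps to the previous level, and the step names (hash_sample, sample_facts, ascii_strings, utf16_strings), the manifest layout and the constructed sample bytes are all assumptions made for this example.

```python
"""Triage-level processing planner for a Windows memory sample (illustration only).

Not SuperMem's code. The triage levels are cumulative: Quick runs the cheap,
chain-of-custody steps, Full adds ASCII string extraction, and Comprehensive
adds UTF-16LE string extraction. Step names and the manifest layout are
assumptions made for this example.
"""
import hashlib
import json
import mmap
import os
import re
import tempfile
from typing import Callable, Dict, List, Tuple

Step = Callable[[str], dict]

MIN_LEN = 8  # shortest string worth reporting (assumption)
ASCII_RE = re.compile(rb"[ -~]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[ -~]\x00){%d,}" % MIN_LEN)


def hash_sample(path: str) -> dict:
    """SHA-256 of the image, so every later result is tied to one known sample."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest()}


def sample_facts(path: str) -> dict:
    """Cheap facts an analyst wants before committing to heavier parsing."""
    size = os.path.getsize(path)
    return {"size_bytes": size, "size_mb": round(size / (1 << 20), 2)}


def _scan(path: str, pattern: "re.Pattern[bytes]", decode: Callable[[bytes], str]) -> dict:
    """Scan the image through mmap so multi-gigabyte samples are not read into RAM."""
    found: List[str] = []
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        for m in pattern.finditer(mm):
            found.append(decode(m.group(0)))
    return {"count": len(found), "first": found[:10]}


def ascii_strings(path: str) -> dict:
    return _scan(path, ASCII_RE, lambda b: b.decode("ascii"))


def utf16_strings(path: str) -> dict:
    return _scan(path, UTF16_RE, lambda b: b.decode("utf-16-le"))


# Each level lists only the steps it adds on top of the previous level.
TRIAGE_LEVELS: Dict[str, List[Tuple[str, Step]]] = {
    "Quick": [("hash_sample", hash_sample), ("sample_facts", sample_facts)],
    "Full": [("ascii_strings", ascii_strings)],
    "Comprehensive": [("utf16_strings", utf16_strings)],
}
ORDER = ["Quick", "Full", "Comprehensive"]


def plan(triage: str) -> List[Tuple[str, Step]]:
    """Ordered steps for a triage type; Quick is a prefix of Full, Full of Comprehensive."""
    if triage not in ORDER:
        raise ValueError("unknown triage type %r; expected one of %s" % (triage, ORDER))
    steps: List[Tuple[str, Step]] = []
    for level in ORDER[: ORDER.index(triage) + 1]:
        steps.extend(TRIAGE_LEVELS[level])
    return steps


def run(sample: str, triage: str, outdir: str) -> dict:
    """Validate the sample, run the planned steps, write a manifest, return results."""
    if not os.path.isfile(sample) or os.path.getsize(sample) == 0:
        raise ValueError("memory sample missing or empty: %s" % sample)
    os.makedirs(outdir, exist_ok=True)
    results: dict = {"sample": os.path.basename(sample), "triage": triage, "steps": {}}
    for name, step in plan(triage):
        try:
            results["steps"][name] = step(sample)
        except Exception as exc:  # one failing step must not abort the whole triage
            results["steps"][name] = {"error": repr(exc)}
    with open(os.path.join(outdir, "manifest.json"), "w") as f:
        json.dump(results, f, indent=2)
    return results


# Constructed stand-in for a memory image: one ASCII and one UTF-16LE string
# surrounded by null padding. Not a real dump.
CONSTRUCTED_SAMPLE = (
    b"\x00" * 16 + b"lsass.exe" + b"\x00\x00"
    + "powershell.exe".encode("utf-16-le") + b"\x00" * 8
)


def demo(triage: str = "Comprehensive") -> dict:
    """Write the constructed sample to a temp dir and process it at the given level."""
    workdir = tempfile.mkdtemp(prefix="triage_demo_")
    sample = os.path.join(workdir, "memory.raw")
    with open(sample, "wb") as f:
        f.write(CONSTRUCTED_SAMPLE)
    return run(sample, triage, os.path.join(workdir, "out"))


if __name__ == "__main__":
    print(json.dumps(demo("Comprehensive"), indent=2))
```

The point of the cumulative layout is that a Quick run never does work the analyst did not ask for, while a Comprehensive run is guaranteed to contain every Quick and Full result, so findings from different triage levels on the same image remain comparable.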