Jump to content

Main menu Navigation ●Main page ●Contents ●Current events ●Random article ●About Wikipedia ●Contact us ●Donate Contribute ●Help ●Learn to edit ●Community portal ●Recent changes ●Upload file

●Create account ●Log in ●Create account ● Log in Pages for logged out editors learn more ●Contributions ●Talk

(Top) 1 Acquisition 2 Analysis 3 References 4 External links

WindowsSCOPE

Add links ●Article ●Talk ●Read ●Edit ●View history Tools Actions ●Read ●Edit ●View history General ●What links here ●Related changes ●Upload file ●Special pages ●Permanent link ●Page information ●Cite this page ●Get shortened URL ●Download QR code ●Wikidata item Print/export ●Download as PDF ●Printable version Appearance From Wikipedia, the free encyclopedia

WindowsSCOPE
Developer(s)	WindowsSCOPE
Platform	Windows, Cloud
Available in	English
Type	Computer forensics, Reverse Engineering
Website	http://www.windowsscope.com

WindowsSCOPE is a memory forensics and reverse engineering product for Windows used for acquiring and analyzing volatile memory.^[1] One of its uses is in the detection and reverse engineering of rootkits and other malware.^[2] WindowsSCOPE supports acquisition and analysis of Windows computers running Windows XP through Windows 10.

Acquisition

[edit]

WindowsSCOPE supports both software-based acquisition as well as hardware-assisted methods for both locked and unlocked computers. WindowsSCOPE add-on hardware for memory acquisition uses the PCI Express bus for direct access to system memory. Memory snapshots acquired with WindowsSCOPE are stored in a repository. Memory snapshots in the repository can be compared to track changes in the system over time.^[2]

Analysis

[edit]

WindowsSCOPE shows processes, DLLs, and drivers running the computer at the time of the memory snapshot as well as open network sockets, file handles, and registry key handles. It also provides disassembly and control-flow graphing for executable code. WindowsSCOPE Live is a version of the tool that allows analysis to be performed from a mobile device.^[3]

References

[edit]

^ Klanke, Russ (23 November 2009). "Digital Forensics Links". Aggressive Virus Defense. Retrieved 10 April 2012.

^ ^a ^b Le Masle, Adrien. "Detecting the HackerDefender rootkit using WindowsSCOPE". Imperial College London. Retrieved 10 April 2012.

^ Storm, Darlene. "Encrypt: Be anti-forensic friendly to protect your Android and your privacy". Security Is Sexy. Computerworld. Retrieved 10 April 2012.

External links

[edit]

WindowsSCOPE Web Site

Retrieved from "https://en.wikipedia.org/w/index.php?title=WindowsSCOPE&oldid=1158806219" Categories: ●Computer forensics ●Digital forensics software Hidden categories: ●Articles with short description ●Short description matches Wikidata ●This page was last edited on 6 June 2023, at 10:16 (UTC). ●Text is available under the Creative Commons Attribution-ShareAlike License 4.0; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. ●Privacy policy ●About Wikipedia ●Disclaimers ●Contact Wikipedia ●Code of Conduct ●Developers ●Statistics ●Cookie statement ●Mobile view