Memoryze 1.2.1.1 Description:

Mandiant Memoryze (formerly known as Mandiant Free Agent) is a free memory analysis utility that can not only acquire the physical memory from a Microsoft Windows system, but it can also perform advanced analysis of live memory while the computer is running. All analysis can be done either against an acquired image or a live system.

XML Scripts

Memoryze takes XML documents that define what to do, and Memoryze then outputs the result in XML format. The user can configure the individual parameters within each execution script in order to perform the desired actions.
Several default execution scripts are provided with Memoryze’s installation. These scripts include:
AcquireDriver.Batch.xml
AcquireMemory.Batch.xml
AcquireProcessMemory.Batch.xml
DriverAuditModuleList.Batch.xml
DriverAuditSignature.Batch.xml
ProcessAuditMemory.Batch.xml
RootkitAudit.Batch.xml

Each script’s options will be discussed in depth, with examples.

Batch Files

To make Memoryze easier to use, each execution script has been wrapped by a corresponding batch file. All the parameters in the XML execution script can be modified from the command line using arguments to the batch file. The batch files include:
MemoryDD.bat to acquire an image of physical memory.
ProcessDD.bat to acquire an image of the process’ address space.
DriverDD.bat to acquire an image of a driver.
Process.bat to enumerate everything about a process including handles, virtual memory, network ports, and strings.
HookDetection.bat to look for hooks within the operating system.
DriverSearch.bat to find drivers.
DriverWalkList.bat to enumerate all modules and drivers in a linked list.

Viewing the Results

Memoryze creates XML documents containing the analysis results. Currently, MANDIANT does not provide a stand-alone external viewer for Memoryze’s results. However, result files can be displayed in any XML viewer – such as Windows Internet Explorer, Mozilla Firefox, or even Microsoft Excel 2007. Be careful! Some XML viewers can be sluggish when loading large XML documents.

Executing Memoryze

There are two ways to use Memoryze.
One way is to use the XML command files native to Memoryze.exe. This requires editing the *.Batch.xml files to configure Memoryze to perform the desired tasks.
The other option is to use the command-line batch scripts provided. These batch scripts generate the XML command files for the desired audit using the options specified on the batch file command line.
Using the batch scripts eliminates the need to edit an XML file. These batch scripts are convenient for interactive use.

Using Memoryze with the XML Execution Scripts

Memoryze.exe is the executable that takes the command line parameters and executes the XML audit or script. Memoryze command line parameters are as follows:
‐o [directory]
The optional directory argument specifies the location to store the results. If this location is not specified, the results are stored by default in /Audits//. is the name of the system on which Memoryze is executing, and is a date/time stamp in the format of YYYYMMDDHHMMSS.
‐script
Executes the specified audit (*.Batch.xml)
‐encoding [none|aff|gzip]
none – no encoding of the output
aff – compresses the output in an AFF evidence container
gzip – compresses the output in GZIP

Memoryze 1.2.1.1 Features:

· image the full range of system memory (not reliant on API calls).
· image a process' entire address space to disk. This includes a process' loaded DLLs, EXEs, heaps, and stacks.
· image a specified driver or all drivers loaded in memory to disk.
· identify all drivers loaded in memory, including those hidden by rootkits.
· report device and driver layering, which can be used to intercept network packets, keystrokes and file activity.
· identify all loaded kernel modules by walking a linked list.
· identify hooks ‐ often used by rootkits ‐ in the System Call Table, the Interrupt Descriptor Tables (IDTs), and driver function tables (IRP tables).
enumerate all running processes (including those hidden by rootkits). For each process, Memoryze can:
· report all open handles in a process (for example, all files, registry keys, etc.).
· list the virtual address space of a given process including: displaying all loaded DLLs / displaying all allocated portions of the heap and execution stack.
· list all network sockets that the process has open, including any hidden by rootkits.
· output all strings in memory on a per process base.

Memoryze security information

You cannot download any crack or serial number for Memoryze on this page. Every software that you are able to download on our site is legal. There is no crack, serial number, hack or activation key for Memoryze present here. Our collection also doesn't contain any keygens, because keygen programs are being used in illegal ways which we do not support. All software that you can find here is freely downloadable and legal.

Memoryze installation package is prepared to be downloaded from our fast download servers. It is checked for possible viruses and is proven to be 100% clean and safe. Various leading antiviruses have been used to test Memoryze, if it contains any viruses. No infections have been found and downloading Memoryze is completelly problem free because of that reason. Our experts on malware detection tested Memoryze with various spyware and malware detection programs, including fyxm.net custom malware and spyware detection, and absolutelly no malware or spyware was found in Memoryze.

All software that you can find on our servers, including Memoryze, is either freeware, shareware or open-source, some of the software packages are demo, trial or patch versions and if possible (public domain licence), we also host official full versions of software.

Because we want to be one of the fastest download sites on the web, we host all the software including Memoryze on our servers. You cannot find here any torrents or download links that would lead you to dangerous sites.

Fyxm.net does support free software, however we do not support warez or illegal downloads. Warez is harming producers of the software.

Enjoy!