1. Acquisition

2. Analysis

3. References

4. External links

WindowsSCOPE is a memory forensics and reverse engineering product for Windows used for acquiring and analyzing volatile memory. One of its uses is in the detection and reverse engineering of rootkits and other malware.^[2] WindowsSCOPE supports acquisition and analysis of Windows computers running Windows XP through Windows 10.

Acquisition

WindowsSCOPE supports both software-based acquisition as well as hardware-assisted methods for both locked and unlocked computers. WindowsSCOPE add-on hardware for memory acquisition uses the PCI Express bus for direct access to system memory. Memory snapshots acquired with WindowsSCOPE are stored in a repository. Memory snapshots in the repository can be compared to track changes in the system over time.^[2]

Analysis

WindowsSCOPE shows processes, DLLs, and drivers running the computer at the time of the memory snapshot as well as open network sockets, file handles, and registry key handles. It also provides disassembly and control flow graphing for executable code. WindowsSCOPE Live is a version of the tool that allows analysis to be performed from a mobile device.^[4]

References

External links

• WindowsSCOPE Web Site

• Fashion Photography
• Fashion plate
• Fashion Plate
• Fashion Rock LLC
• Fashion show
• Fashion shows
• Fashion star fillies
• Fashion Star Fillies
• Fashion statement
• Fashion stylist
• Fashion Television
• FashionTelevision
• Fashion trends
• Fashion tv
• Fashion Valley Transit Center
• Fashion Valley Transit Center (San Diego Trolley station)
• Fashion Victim
• Fashion victim
• Fashion Victim (Kim Possible)
• Fashion Week
• Fashion Week Cleveland
• Fashion writer
• Fashism
• Fashoda Affair
• Fashoda crisis