Comments on: Large Memory Acquisitions http://www.cutawaysecurity.com/blog/archives/533 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Wed, 02 Jun 2010 22:30:56 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: DavidS http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31196 DavidS Tue, 29 Sep 2009 23:02:11 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31196 It would appear some progress has been made on this front. It looks like HBGary Responder can read and process RAM dumps > 4GB now. I am looking at a 8GB dump from a Windows Server 2003 system now. I will try the same on Responder Field Edition when I get a chance. david@sharpebusinesssolutions.com It would appear some progress has been made on this front. It looks like HBGary Responder can read and process RAM dumps > 4GB now. I am looking at a 8GB dump from a Windows Server 2003 system now. I will try the same on Responder Field Edition when I get a chance.

david@sharpebusinesssolutions.com

]]> By: cutaway http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31128 cutaway Fri, 15 May 2009 17:23:56 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31128 @David, Well, that is the battle isn't it. MS gets to change what they want when they want it. We just get to keep up. Now it is just getting other people to understand these dynamics. Thank you for the information about testing. Don @David,

Well, that is the battle isn’t it. MS gets to change what they want when they want it. We just get to keep up. Now it is just getting other people to understand these dynamics.

Thank you for the information about testing.

Don

]]> By: DavidS http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31127 DavidS Fri, 15 May 2009 16:35:18 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31127 Understood. FDpro 1.0.4.0096 works in situations that bugchecked 100% of the time for me with 1.0.4.0072. I thought this worked fine before. Maybe a Microsoft patch or hotfix broke something somewhere along the way? Understood. FDpro 1.0.4.0096 works in situations that bugchecked 100% of the time for me with 1.0.4.0072. I thought this worked fine before. Maybe a Microsoft patch or hotfix broke something somewhere along the way?

]]> By: cutaway http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31126 cutaway Fri, 15 May 2009 15:05:51 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31126 @David, I am aware the HBGary is testing new versions of FDPro. Although I did experience this problem with FDPro I also experienced it when using F-Response and FTK Imager. I have not experienced this behavior with mdd, Memoryze, Nigilant32 but that is basically because I don't think I have used them in these situations. Right now I have limited resources (meaning none) with extra memory to test. Basically what I am trying to say is that I cannot be sure if these are experiences that are limited to FDPro or rather memory acquisition in general. I think time will tell and I also believe that most developers of these tools are looking into this issue specifically. Hopefully soon we will have some updates and new features. Go forth and do good things, Don C. Weber @David,

I am aware the HBGary is testing new versions of FDPro. Although I did experience this problem with FDPro I also experienced it when using F-Response and FTK Imager. I have not experienced this behavior with mdd, Memoryze, Nigilant32 but that is basically because I don’t think I have used them in these situations. Right now I have limited resources (meaning none) with extra memory to test.

Basically what I am trying to say is that I cannot be sure if these are experiences that are limited to FDPro or rather memory acquisition in general. I think time will tell and I also believe that most developers of these tools are looking into this issue specifically. Hopefully soon we will have some updates and new features.

Go forth and do good things,
Don C. Weber

]]> By: DavidS http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31125 DavidS Fri, 15 May 2009 02:13:01 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31125 I had the same problem with the current production version of FDpro.exe on systems with more than 4GB of RAM, but that seems to be fixed in FDpro.exe version 1.0.4.0096. Have you had a chance to try that version of FDpro yet? david@sharpebusinesssolutions.com I had the same problem with the current production version of FDpro.exe on systems with more than 4GB of RAM, but that seems to be fixed in FDpro.exe version 1.0.4.0096. Have you had a chance to try that version of FDpro yet?

david@sharpebusinesssolutions.com

]]> By: moses http://www.cutawaysecurity.com/blog/archives/533/comment-page-1#comment-31113 moses Thu, 07 May 2009 01:58:23 +0000 http://www.cutawaysecurity.com/blog/?p=533#comment-31113 its definately not user error the tools vendors' compiler vendor is to blame. 32 pointers are all you can expect its definately not user error
the tools vendors’ compiler vendor is to blame.
32 pointers are all you can expect

]]>