Belkasoft RAM Capturer v.1.0


Belkasoft RAM Capturer is a kernel-mode tool designed to capture the content of the computer's volatile memory in a forensically sound way. Developed by a forensic research company, Belkasoft RAM Capturer requires no installation and leaves as small a footprint as theoretically possible. Coming with 32-bit and 64-bit kernel-mode drivers, Belkasoft RAM Capturer is able to overcome most current anti-debugging and anti-dumping protection systems such as nProtect GameGuard. Unlike many other memory dumping tools operating strictly in user mode, Belkasoft RAM Capturer works in the system's most privileged kernel mode, being able to acquire the full content of the computer's RAM.

Certain applications, including multi-player computer games, communication tools, and malware implement anti-debugging measures to actively block third-party tools from accessing their memory sets. In mild, best-case scenarios these proactive measures will simply cause the memory dumping tool to read zeroes (or random data) instead of the actual information. In other cases (e.g. malware, Trojans, certain security applications), such systems may lock up or reset the PC, thus destroying the content of the volatile memory and making it absolutely impossible to dump RAM contents. Examples of such anti-debugging systems include nProtect GameGuard and the game of Karos.

Many forensic RAM acquisition tools operate in the least privileged user mode, which triggers these protection systems and makes the tools of no use to their users. Unlike many competing tools running in the system's user mode, Belkasoft RAM Capturer comes equipped with 32-bit and 64-bit kernel drivers, allowing the tool to operate in the most privileged kernel mode.

Belkasoft RAM Capturer leaves the smallest footprint possible, does not require installation, and can be launched in seconds from a USB flash drive. Memory dumps acquired with Belkasoft RAM Capturer can then be analyzed with Belkasoft Evidence Center Live RAM Analysis.

Kernel-mode forensic memory dumping tool. Capture the content of the computer's volatile memory in a forensically sound way. This free kernel-mode tool comes with 32-bit and 64-bit drivers to overcome active anti-debugging and anti-dumping protection systems.


 
  • Belkasoft RAM Capturer
  • 1.0
  • 20 Feb 13
  • Belkasoft
  • WinXP, WinVista, WinVista x64, Win7 x32, Win7 x64, Win2000, Windows2000, Windows2003, WinServer, Windows Vista, WinNT 4.x
  • Freeware
  • 69 Kb
  • 194
  • Free
 
 
Latest Versions History
Version | Date Released | Release Notes
1.0 | 20.02.2013 | New release features 32-bit and 64-bit kernel-mode drivers to overcome active anti-debugging and anti-dumping protection.
 
 

 

Other software of Belkasoft
  • Belkasoft BookaMark v.2.04: Organize and manage your bookmarks easily with Belkasoft BookaMark! Search them by different criteria, find duplicates, export and import from ICQ/Miranda history, XM, Internet Explorer Favorites, Opera Bookmarks, Mozilla/Mozilla FireFox Bookmarks.

New Security software
  • RDS Knight Security Essentials v.1.6: RDS-Knight is the right shield for your Windows servers. In minutes you will prevent foreigners from opening a session, avoid brute force attacks on your server, restrict access by device and by time, and provide security for your users' environment ...
  • NetBull v.2.0.3.2: NetBull is the best and most undetectable keylogger you can find on the Net. By using the latest in PC monitoring techniques, NetBull tracks activities like Internet browsing, keyboard usage, chat convos, Facebook etc. NetBull site: www.netbull.com ...
  • SpamAssassin in a Box v.2.2.2: SpamAssassin in a Box is a powerful and reliable spam filter for Windows. Besides the famous e-mail filter SpamAssassin, it also contains a Windows system service, making SpamAssassin controllable via the Windows Service Control Manager.