Matthieu Suiche (msuiche) <matt msuiche net>
Tuesday, February 26 2008 13:41.32 CST
What is SandMan?
SandMan is a (live) forensic & offensic framework providing a C library and Python bindings for reading and writing the Windows hibernation file (hiberfil.sys).

SandMan is open-source and now available at the following link:
http://sandman.msuiche.net.
Sample code using SandMan (Python):
#!/usr/bin/python
#
# Module Name:
#
#   sample1.py
#
# Abstract:
#
#   - Display target version.
#   - Build a physical memory dump from a hibernation file.
#
# Environment:
#
#   - Python
#
# Revision History:
#
#   - Matthieu Suiche
#

import sys
import sandman

if len(sys.argv) != 3:
    print("Matthieu Suiche - http://sandman.msuiche.net/")
    print("Usage: sample.py hiberfil.sys physical_dump.vmem")
    sys.exit(1)

# Open the hibernation file (hiberfil.sys) and read its packed version word.
s = sandman.hiber_open(sys.argv[1])
ver = sandman.hiber_get_version(s)

# Low byte = major, next byte = minor, upper 16 bits = build number.
print("Windows version %d.%d.%d\n" % (ver & 0xFF, (ver & 0xFF00) >> 8, ver >> 16))

# Decompress the hibernation image into a raw physical memory dump.
print("Generate physical memory dump...")
sandman.hiber_dump(s, sys.argv[2])
print("Done.")

sandman.hiber_close(s)
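The sample above hands whatever file it is given straight to the library. The following Python 3 example is added here (it is not part of the original post or of SandMan itself): it moves the version-word decoding the sample does inline into a testable function and adds a header preflight so that a hiberfil.sys the kernel has already resumed from, or one that has been zeroed, is reported instead of dumped. The signature values come from the hibernation file header format (the first four bytes of PO_MEMORY_IMAGE) as documented in Suiche's later research on the format, not from this post; the function names, the state labels, and the choice to pass the sandman module into dump_with_sandman are my own.

```python
import sys

# Signature at offset 0 of hiberfil.sys (PO_MEMORY_IMAGE.Signature).
# Assumption taken from the documented file format, not from this post:
# "hibr"/"HIBR" marks an image that still holds a memory snapshot,
# "wake"/"WAKE" marks one the kernel has already resumed from.
ACTIVE_SIGNATURES = (b"hibr", b"HIBR")
CONSUMED_SIGNATURES = (b"wake", b"WAKE")


def decode_version(ver):
    """Unpack the packed version word exactly as the sample prints it:
    low byte = major, next byte = minor, upper 16 bits = build number."""
    major = ver & 0xFF
    minor = (ver >> 8) & 0xFF
    build = ver >> 16
    return major, minor, build


def classify_header(first_bytes):
    """Classify a hibernation file from the 4-byte signature at offset 0."""
    sig = first_bytes[:4]
    if len(sig) < 4:
        return "truncated"
    if sig in ACTIVE_SIGNATURES:
        return "active"
    if sig in CONSUMED_SIGNATURES:
        return "consumed"
    if sig == b"\x00\x00\x00\x00":
        return "zeroed"
    return "unknown"


def preflight(path):
    """Read only the header and report whether the file is worth dumping."""
    with open(path, "rb") as f:
        return classify_header(f.read(4))


def dump_with_sandman(hiber_path, out_path, sandman):
    """Same call sequence as the sample, with the preflight check in front.

    The sandman module is passed in by the caller (hypothetical design
    choice, so the import can be deferred or replaced in tests).
    Returns (state, version_tuple); version_tuple is None when no dump ran.
    """
    state = preflight(hiber_path)
    if state != "active":
        return state, None
    s = sandman.hiber_open(hiber_path)
    try:
        ver = decode_version(sandman.hiber_get_version(s))
        sandman.hiber_dump(s, out_path)
    finally:
        # Always release the handle, even if the dump fails midway.
        sandman.hiber_close(s)
    return state, ver


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("Usage: preflight_dump.py hiberfil.sys physical_dump.vmem")
        sys.exit(1)
    import sandman  # the SandMan Python binding from the post
    state, ver = dump_with_sandman(sys.argv[1], sys.argv[2], sandman)
    if ver is None:
        print("Not dumping: header state is %r" % state)
        sys.exit(2)
    print("Windows version %d.%d.%d, dump written to %s" % (ver + (sys.argv[2],)))
```

A "consumed" result is the common case on a machine that was hibernated and then booted normally: the signature is overwritten on resume, so the file no longer carries a usable image and should not be treated as a fresh memory snapshot.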
Cheers,
(Original blog post:
http://www.msuiche.net/2008/02/26/sandman-10080226-is-out/)