WindowsSCOPE
From Wikipedia, the free encyclopedia
| WindowsSCOPE | |
|---|---|
| Developer | WindowsSCOPE |
| Platform | Windows, Cloud |
| Available in | English |
| Type | Computer forensics, Reverse Engineering |
| Website | http://www.windowsscope.com |
WindowsSCOPE is a memory forensics and reverse engineering product for Windows used for acquiring and analyzing volatile memory.[1] One of its uses is in the detection and reverse engineering of rootkits and other malware.[2] WindowsSCOPE supports acquisition and analysis of Windows computers running Windows XP through Windows 10.
WindowsSCOPE supports both software-based and hardware-assisted acquisition methods, for both locked and unlocked computers. The WindowsSCOPE add-on hardware for memory acquisition uses the PCI Express bus for direct access to system memory. Memory snapshots acquired with WindowsSCOPE are stored in a repository, and snapshots in the repository can be compared to track changes in the system over time.[2]