ManTech Releases Memory Forensics Tool
August 19, 2008

ManTech Memory DD 1.3, a physical memory acquisition tool for imaging
Windows-based computers, has been released. ManTech Memory DD captures a
record of physical or random access memory, which is lost when a computer
is shut down. Available for government and other private uses, ManTech
Memory DD is capable of acquiring memory images from the following
Microsoft products: Windows 2000, Windows Server 2003, Windows XP,
Windows Vista, and Windows Server 2008. All of these operating systems
are supported in both their 32-bit and 64-bit versions.

ManTech Memory DD 1.3 acquires a forensic image of physical memory and
stores it as a raw binary file. To help verify data integrity and aid in
the preservation of the evidence, the information captured by ManTech
Memory DD is checked by the Message-Digest algorithm 5 (MD5), the common
Internet standard used in security applications. The binary file can
then be analyzed using external tools to identify items of interest to
the examiner.

There have been numerous, well-documented computer exploits that never
leave evidence on a computer's persistent storage devices, such as hard
drives. These exploits reside solely in the physical memory of the
machine. When the machine is powered off, the evidence of the exploit
vanishes. In some cases, evidence of online communication (such as chat
sessions) resides in memory even after the communication has terminated.
Encryption keys for disk encryption utilities can often be recovered
from physical memory as well. The ability to image physical memory
allows the forensic examiner to recover valuable information that would
otherwise be lost forever.

With ManTech Memory DD it is now easy for the Department of Defense,
Intelligence Community, law enforcement, and commercial organizations to
acquire and preserve physical memory images. ManTech's Memory DD is
currently used by government agencies and by its own computer forensics
and intrusion analysis professionals, who form a center of excellence that
the U.S. government and the Intelligence Community rely on to solve
their most difficult computer forensics and information security
challenges. ManTech supports over twenty sensitive clients in the
national security and Intelligence Communities, as well as federal and
state agencies and Fortune 500 corporations.

ManTech Memory DD is available to government agencies, commercial
organizations, and individuals that use the product for their commercial
and private endeavors. The technology can also be licensed for inclusion
into commercial tools.