Memory Analysis Package 0.8

We are excited to announce the release of the Memory Analysis 0.8 package. The main feature of this version is the introduction of console information extraction.

Consoles

Extracting console information is a valuable capability for forensics, malware analysis, and CTF challenges.

Our initial implementation supports the following systems:

  • Windows XP (x86/x64, all service packs)
  • Windows Vista (x86/x64, all service packs)
  • Windows 7 (x86/x64, all service packs)
  • Windows 8 (x86/x64)
  • Windows 8.1 (x86/x64)
  • Windows 11 (x64, latest releases)

Windows Server editions with matching kernel versions are supported as well.

The internal implementation of consoles on Windows has evolved significantly over the years, and we may add support for Windows 10 versions in the future.

The extraction of console information can be specified as an option in the initialization dialog.

Alternatively, it can be performed through an action after the analysis.

Kernel Callbacks

We have also added support for kernel callbacks, which can be useful for identifying malicious kernel components.

In addition to these features, this release contains several bug fixes and internal improvements to enhance reliability and performance.
