2016-12-08 08:38 AM
Hello All,
I am searching for some information about how Netwitness Endpoint does live memory analysis:
1 - The agent installs as a kernel-mode driver
2 - It uses the Windows API to compare the in-memory and on-disk images (any more details?)
Thanks for your help.