RAMDumpExplorer is a C# program that scans a RAM dump file (.raw) generated by a third-party app and searches for specific patterns using regular expressions.
To use RAMDumpExplorer, follow these simple steps:
- Generate a RAM dump file using a third-party app.
- Download RAMDumpExplorer from Releases.
- Open a command prompt or terminal and navigate to the folder containing the RAMDumpExplorer executable.
- Run the program with the path to the RAM dump file as the only argument in CMD:
  RAMDumpExplorer.exe path/to/ram.raw
- Wait for the program to finish scanning the file.
- The program will output the matched patterns to the console.
RAMDumpExplorer is designed to search for two specific patterns:
- Command prompt history - Searches for the last executed commands in a command prompt window.
- Suspicious files - Searches for files that have been recorded in the system's RAM.
- DLLs - Searches for DLLs executed with rundll32/regsvr32.
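The following Python sketch is an added example, not RAMDumpExplorer's own code, showing how the rundll32/regsvr32 search can be done over a raw dump. The regexes, function names, chunk sizes and the sample bytes are assumptions made for illustration. It matches command lines stored as ASCII or as UTF-16LE and rescans an overlap so a command split across two read chunks is not lost.

```python
import io
import re

# Assumed patterns for this sketch; RAMDumpExplorer's real regexes are not shown here.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")         # printable ASCII strings
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")  # the same text stored as UTF-16LE
DLL_CMD = re.compile(
    r'\b(rundll32|regsvr32)(?:\.exe)?"?\s+(?:/\S+\s+)*"?([^"]{1,260}?\.dll)\b',
    re.IGNORECASE,
)

def scan_dump(stream, chunk_size=1 << 20, overlap=4096):
    """Return sorted (offset, loader, dll_path) hits from a raw memory image.

    The dump is read in chunks. The last `overlap` bytes of each chunk are
    rescanned with the next one, so a command line split across a chunk
    boundary is still found (lines longer than `overlap` can be missed).
    """
    hits, tail, base = {}, b"", 0
    while block := stream.read(chunk_size):
        data, start = tail + block, base - len(tail)
        for run_re, encoding, width in ((ASCII_RUN, "ascii", 1),
                                        (WIDE_RUN, "utf-16-le", 2)):
            for run in run_re.finditer(data):
                text = run.group().decode(encoding)
                for m in DLL_CMD.finditer(text):
                    offset = start + run.start() + m.start() * width
                    # Keying on the file offset drops duplicates from the overlap.
                    hits[offset] = (m.group(1).lower(), m.group(2))
        tail = data[-overlap:] if overlap else b""
        base += len(block)
    return [(off, *hit) for off, hit in sorted(hits.items())]

def constructed_sample():
    """Constructed test image: one ASCII and one UTF-16LE command line."""
    ascii_cmd = b"rundll32.exe C:\\Users\\Public\\a.dll,Start"
    wide_cmd = "regsvr32 /s C:\\Temp\\b.dll".encode("utf-16-le")
    return b"\x00" * 100 + ascii_cmd + b"\x00" * 37 + wide_cmd + b"\x00" * 50

if __name__ == "__main__":
    image = io.BytesIO(constructed_sample())
    for offset, loader, dll in scan_dump(image, chunk_size=200, overlap=64):
        print(f"0x{offset:08x}  {loader:<9} {dll}")
```

The reported offset is the position in the dump file, which lets an analyst look at the surrounding bytes in a hex viewer.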
Created by Bacanoicua.
1.0