Blue Screen Of the Death is Dead.

Black Hat USA 2010

Presented by: Matthieu Suiche
Date: Wednesday July 28, 2010
Time: 15:15 - 16:30
Location: Augustus 1+2
Track: Reverse Engineering

This talk introduces the MoonSols Windows Memory Toolkit, which aims to be the ultimate memory and crash dump acquisition and conversion tool for Windows. It covers live acquisition of Microsoft crash dumps on Windows, the conversion of a hibernation file into a crash dump, and even getting a crash dump of a running VMware virtual machine without rebooting it and without any BSOD!

Matthieu Suiche

Matthieu Suiche is a security researcher who focuses on reverse code engineering and volatile memory forensics. Matthieu works for the Netherlands Forensic Institute in The Hague, and he has also spoken at various security conferences such as PacSec, BlackHat USA, EUROPOL High Tech Crime Meeting, and Shakacon. His previous research includes Windows physical memory forensics (the Windows hibernation file, and the Windd utility to acquire physical memory either as a raw dump or as a Microsoft crash dump file). He can be reached through his website at www.msuiche.net

