[Forensics-changes] [SCM] debian-forensics/memdump branch, debian-sid, updated. 0ee7b6ce7f81323cfad8b5a9553ce66957a8e3bd

Christophe Monniez christophe.monniez at fccu.be
Thu Feb 14 20:01:06 UTC 2008


The following commit has been merged in the debian-sid branch:
commit 0ee7b6ce7f81323cfad8b5a9553ce66957a8e3bd
Author: Christophe Monniez <christophe.monniez at fccu.be>
Date:   Thu Feb 14 21:09:25 2008 +0100

    Added a brand new man page.

diff --git a/debian/manpage/memdump.1 b/debian/manpage/memdump.1
new file mode 100644
index 0000000..aeddffc
--- /dev/null
+++ b/debian/manpage/memdump.1
@@ -0,0 +1,43 @@
+.TH MEMDUMP 1 "2008-02-14" "0.1" "Memory dumper for unix-like systems."
+
+.SH NAME
+memdump \- A tool that dumps system memory to standard out.
+
+.SH SYNOPSIS
+.B memdump
+.BR [ \-kv ] [ \-b\ read_buffer_size ] [ \-m\ mapfile ] [ \-p\ memory_page-size ] [ \-s\ memory_dump_size ]
+
+.SH DESCRIPTION
+Memdump is a tool that dumps the system memory to the standard output skipping
+holes in memory maps. By default, the program dumps the physical memory.
+.PP
+The main usage of this tool is for forensics puprose.
+WHat can you find in those memory dumps :
+.IP *
+Bits from the operating system.
+.IP *
+Traces from running processes.
+.IP *
+Traces from files and directory that has been recently accessed.
+.IP *
+(maybe) Traces from recently deleted files or exited processes.
+.IP *
+Valuable strings for forensics investigations.
+
+.SH OPTIONS
+.IP "\fB\-k\fR" 4
+Dump kernel memory instead of physical.
+.IP "\fB\-v\fR" 4
+Verbose mode.
+.IP "\fB\-b read_buffer_size\fR" 4
+Specify the size of read buffer.
+.IP "\fB\-m map_file\fR" 4
+Map the memory dump file map_file.
+.IP "\fB\-p memory_page_size\fR" 4
+Specify the size of memory page.
+.IP "\fB\-s memory_dump_size\fR" 4
+Limit the dump size to memory_dump_size.
+
+.SH AUTHOR
+This manual page was written by Christophe Monniez <christophe.monniez at fccu.be>
+for the Debian project (but may be used by others).
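Review bot: The SYNOPSIS line and the OPTIONS section name the same arguments differently: the synopsis has "\-m\ mapfile" and "\-p\ memory_page-size", while OPTIONS documents "map_file" and "memory_page_size". Use one spelling for each so a reader can match the synopsis to its description. In DESCRIPTION, "puprose" and "WHat" are typos, and "files and directory that has been recently accessed" should read "files and directories that have been recently accessed". The \-b, \-p and \-s entries give no unit or default for the size argument; since \-s limits how much memory ends up in the dump, the page should say what unit the value is in and what happens when the option is omitted. The \-m entry ("Map the memory dump file map_file.") does not say what the option does with that file and needs a clearer sentence. Finally, the fifth .TH field is shown as the centered manual title in the page header, so a full sentence with a trailing period ("Memory dumper for unix-like systems.") will render awkwardly there; a short title without the period fits better, and the blank lines before each .SH can be dropped or replaced with a lone "." line to avoid stray vertical space in the rendered page.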

-- 
debian-forensics/memdump


