-
-
Notifications
You must be signed in to change notification settings - Fork 94
Device_USB3380
The LeechCore library supports reading memory using USB3380 PCIe to USB hardware.
Facts in short:
- Is supported on all supported platforms.
- Acquires memory in read/write mode.
- Acquired memory is assumed to be volatile.
- Have additional requirements.
The USB3380 is only able to acquire memory below 4GB due to a 32-bit addressing limitation. The USB3380 is slow when acquiring sparse non-contiguous memory. FPGA devices are recommended over the USB3380 when acquiring memory with PCIe DMA.
LeechCore API:
Please specify the acquisition device type (and optionally the USB2 option to downgrade speed) LC_CONFIG.szDevice when calling LcCreate. Examples: USB3380 or USB3380://USB=2.
PCILeech / MemProcFS:
Please specify the device type in the -device option.
Examples:
-device USB3380
-device USB3380://USB=2
Requires the USB3380 hardware which is connected to the target computer over PCIe and to the analysis computer over USB.
On Windows no additional requirements exist while it depends on libusb on Linux. For more details check out the PCILeech USB3380 README in the PCILeech project.
Sponsor PCILeech and MemProcFS:
PCILeech and MemProcFS is free and open source!
I put a lot of time and energy into PCILeech and MemProcFS and related research to make this happen. Some aspects of the projects relate to hardware and I put quite some money into my projects and related research. If you think PCILeech and/or MemProcFS are awesome tools and/or if you had a use for them it's now possible to contribute by becoming a sponsor!
If you like what I've created with PCIleech and MemProcFS with regards to DMA, Memory Analysis and Memory Forensics and would like to give something back to support future development please consider becoming a sponsor at: https://github.com/sponsors/ufrisk
Thank You 💖