WindowsSCOPE

WindowsSCOPE is a memory forensics and incident response software company focused on Windows-based systems. The company develops tools that enable forensic analysis of physical memory on Windows computers, supporting versions from Windows XP through Windows 10. The core product, WindowsSCOPE, performs reverse-engineering of a Windows operating system and its running software directly from physical memory. It automatically enumerates processes, threads, drivers, open files, registry keys, and network sockets. The tool also includes data search capabilities for locating specific content such as URLs, credit card numbers, and names within captured memory snapshots. In addition to the software, WindowsSCOPE offers hardware accessories for memory acquisition: - CaptureGUARD Express: An ExpressCard device that captures physical memory and produces WinDD-format memory dump files compatible with WindowsSCOPE and other tools. - CaptureGUARD Gateway: An ExpressCard device that enables access to locked Windows computers for memory acquisition and live analysis, supporting Windows XP through Windows 7. - WindowsSCOPE Phantom Probe: A USB 3.0 dongle that runs an agent capable of capturing memory snapshots from supported Windows computers for later import and analysis. The software is available in a node-locked version via their online store, as well as through cloud rental arrangements. WindowsSCOPE is associated with the parent company BlueRisc. The company reports customers in over 20 countries, including the US, Canada, Europe, and Asia. The product is targeted at security and forensics professionals conducting incident response and breach investigations.