# WindowsSCOPE

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/WindowsSCOPE
> Markdown URL: https://mediated.wiki/source/WindowsSCOPE.md
> Source: https://en.wikipedia.org/wiki/WindowsSCOPE
> Source revision: 1329658128
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

Memory forensics and reverse engineering product

- **Developer:** WindowsSCOPE
- **Platform:** Windows, Cloud
- **Available in:** English
- **Type:** Computer forensics, Reverse Engineering
- **Website:** http://www.windowsscope.com

**WindowsSCOPE** is a memory forensics and [reverse engineering](/source/Reverse_engineering) product for [Windows](/source/Windows) used for acquiring and analyzing volatile memory.[1] One of its uses is in the detection and reverse engineering of [rootkits](/source/Rootkits) and other [malware](/source/Malware).[2] WindowsSCOPE supports acquisition and analysis of Windows computers running [Windows XP](/source/Windows_XP) through [Windows 10](/source/Windows_10).

## Acquisition

WindowsSCOPE supports software-based acquisition as well as hardware-assisted methods for both locked and unlocked computers. The WindowsSCOPE add-on hardware for memory acquisition uses the [PCI Express](/source/PCI_Express) bus for direct access to system memory. Memory snapshots acquired with WindowsSCOPE are stored in a repository, where they can be compared to track changes in the system over time.[2]

## Analysis

WindowsSCOPE shows the [processes](/source/Process_(computing)), [DLLs](/source/Dynamic-link_library), and [drivers](/source/Device_driver) running on the computer at the time of the memory snapshot, as well as open [network sockets](/source/Network_socket), [file handles](/source/File_handles), and [registry key](/source/Windows_Registry) handles. It also provides [disassembly](/source/Disassembler) and [control-flow graphing](/source/Control-flow_graph) for executable code. WindowsSCOPE Live is a version of the tool that allows analysis to be performed from a mobile device.[3]

## References

1. Klanke, Russ (23 November 2009). ["Digital Forensics Links"](http://aggressivevirusdefense.wordpress.com/2009/11/22/digital-forensics-links/). *Aggressive Virus Defense*. Retrieved 10 April 2012.
2. Le Masle, Adrien. ["Detecting the HackerDefender rootkit using WindowsSCOPE"](http://www.doc.ic.ac.uk/~al1108/website/doku.php?id=windowsscope). Imperial College London. Retrieved 10 April 2012.
3. Storm, Darlene. ["Encrypt: Be anti-forensic friendly to protect your Android and your privacy"](http://blogs.computerworld.com/19469/encrypt_be_anti_forensic_friendly_to_protect_your_android_and_your_privacy). *Security Is Sexy*. Computerworld. Retrieved 10 April 2012.

## External links

- [WindowsSCOPE Web Site](http://www.windowsscope.com)

---
Adapted from the Wikipedia article [WindowsSCOPE](https://en.wikipedia.org/wiki/WindowsSCOPE) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/WindowsSCOPE?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
