Five memory images were created by Jesse Kornblum of ManTech .
The archive, a .RAR file,
(http://www.rarlab.com/) contains images from the following systems.
All of the 'boomer' systems were not engaged in any malicious or even
network based activity at the time of imaging. The boomer system has
1GB of RAM.
** boomer-win2003:
Windows 2003 SP0 installed on a standalone machine named Boomer.
Not activated. Running Notepad.
** boomer-win2k:
Windows 2000 SP0 installed on a standalone machine named Boomer.
Note that this image contains several possible System EPROCESS
blocks. The "correct" block is at offset 0x5d008e0.
Running a command prompt, WordPad, and Notepad.
** vista-beta2:
Windows Vista Beta 2 (build 5384) installed on a standalone machine
named Boomer. Not activated. Running a few programs such as
Windows Media Player, Notepad, MineSweeper, and Solitaire.
** xp-laptop-2005-06-25:
** xp-laptop-2005-07-04:
Windows XP installed on a Toshiba laptop connected to a network
The image from June 25th was running Firefox and had recently
been pointed http://mit.edu/. It was also running Internet
Explorer pointed at http://nytimes.com/.
The image from July 4th was running Firefox and had recently
been pointed to http://www.w3.org/