Hello. I have a project to develop a tool that reads a Windows 7 raw memory dump. My lecturer says that he'd rather we use Python or C because that's his specialty, but we can choose whatever. We chose Python (because I feel like it's an opportunity to further learn about Python), but what do you guys think? What language would be a good choice? Then there's the whole GUI thing to think about: if we use Python we've got to find a GUI framework, etc.

Anyway, so this tool is supposed to get the network packets from a memory dump file and then analyse them to get some data. We're having trouble just trying to figure out where to start looking. I mean, obviously reading through the pcap is one place to start, but then what else? What else do we need to start chugging this train along, to actually start development?

My lecturer has given us all the functional requirements, things the tool should be able to do like calculating hashes, detecting IP packets, getting info from IP packets, etc., but to actually start coding, what else should we look into besides pcap?

For any direction/help/instructions we are forever thankful.
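As an added example (not code from the original post or from the poster's project), here is a minimal Python starting point for the requirements listed in the question: hash the evidence file, then carve IPv4 headers directly out of a raw memory image, where there is no pcap framing to lean on. The dump is a small constructed byte string standing in for a real image, and all function, class and field names are the example's own assumptions.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Ipv4Hit:
    """One IPv4 header carved from a raw memory image (example type, not from the post)."""
    offset: int            # byte offset of the IPv4 header inside the dump
    src: str
    dst: str
    protocol: int          # 1 = ICMP, 6 = TCP, 17 = UDP
    ttl: int
    total_length: int
    ethernet_framed: bool  # True when an EtherType 0x0800 sits right before the header
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of
    the header's 16-bit words. Feeding a header that already carries a correct
    checksum returns 0, which is exactly the verification test."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def sha256_hex(data: bytes) -> str:
    """Hash of the evidence file, to record before and after analysis."""
    return hashlib.sha256(data).hexdigest()


def carve_ipv4(dump: bytes) -> List[Ipv4Hit]:
    """Scan a raw memory image byte by byte for plausible IPv4 headers.
    A candidate must have version 4, a sane IHL and total length, a non-zero
    TTL, a common protocol number and a header checksum that verifies; the
    checksum is what rejects nearly every random 0x4x byte."""
    hits: List[Ipv4Hit] = []
    n, i = len(dump), 0
    while i + 20 <= n:
        first = dump[i]
        if first >> 4 != 4:
            i += 1
            continue
        ihl = (first & 0x0F) * 4
        if ihl < 20 or i + ihl > n:
            i += 1
            continue
        hdr = dump[i:i + ihl]
        total_len = struct.unpack("!H", hdr[2:4])[0]
        ttl, proto = hdr[8], hdr[9]
        if (total_len < ihl or i + total_len > n or ttl == 0
                or proto not in (1, 6, 17) or ipv4_checksum(hdr) != 0):
            i += 1
            continue
        hit = Ipv4Hit(
            offset=i,
            src=".".join(str(b) for b in hdr[12:16]),
            dst=".".join(str(b) for b in hdr[16:20]),
            protocol=proto, ttl=ttl, total_length=total_len,
            ethernet_framed=(i >= 14 and dump[i - 2:i] == b"\x08\x00"),
        )
        if proto in (6, 17) and total_len - ihl >= 4:   # TCP/UDP ports follow the header
            hit.src_port, hit.dst_port = struct.unpack("!HH", dump[i + ihl:i + ihl + 4])
        hits.append(hit)
        i += total_len          # skip the packet body; don't re-scan its payload
    return hits


def _addr(a: str) -> bytes:
    return bytes(int(x) for x in a.split("."))


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Assemble a 20-byte IPv4 header with a correct checksum (test data only)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0x4000,
                      ttl, proto, 0, _addr(src), _addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def build_sample_dump():
    """Constructed stand-in for a memory image: junk, a decoy that starts with 0x45
    but has a zero checksum field, then one Ethernet/IPv4/UDP frame.
    Returns the image and the offset where the real IPv4 header was placed."""
    junk_a = bytes(range(0x40)) * 2                                   # no 0x4x bytes at all
    decoy = (b"\x45\x00\x00\x28\x00\x00\x00\x00\x40\x11\x00\x00"
             b"\x0a\x00\x00\x01\x0a\x00\x00\x02" + b"\x00" * 20)     # checksum 0 -> rejected
    junk_b = b"\xff" * 32 + b"pool junk, not a packet "
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    udp = struct.pack("!HHHH", 1234, 53, 8 + 5, 0) + b"hello"
    ip = build_ipv4_header("10.0.0.5", "192.168.1.10", 17, len(udp))
    prefix = junk_a + decoy + junk_b + eth
    return prefix + ip + udp + b"\x00" * 16, len(prefix)


SAMPLE_DUMP, SAMPLE_IPV4_OFFSET = build_sample_dump()

if __name__ == "__main__":
    print("sha256:", sha256_hex(SAMPLE_DUMP))
    for hit in carve_ipv4(SAMPLE_DUMP):
        print(hit)
```

On a real image the same loop runs over the whole file (read it in chunks or map it with `mmap`); the header checksum is the main filter, so expect a few false positives per gigabyte and tighten the check by validating the transport header as well, for example the TCP data offset or the UDP length against the IPv4 total length. Headers with options (IHL above 5) are accepted by the IHL logic but the ports are still read at the correct offset.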

You broached a few topics. So let's find them and get you started.

  1. Tools. This is your choice or, if it's an assignment, set by the master (teacher). Tools are pretty much just that. The results vary with your skills with the tool. In other words, if you have a hammer, everything looks like a nail.

  2. The memory dumps may be uninteresting and not guaranteed to hold what you are looking for. But let me discount that you know what you are looking for and have a MANUAL PROCESS that you are looking to automate. HERE'S THE BIG DEAL. Ready? To code such a tool means you have a process or document that details the procedure and shows the results. Without this document, you are lost.

  3. I'm guessing here that you need more docs on dumps. That's you and Google. Example: https://www.google.com/search?q=reads+Windows+7+raw+memory+dump