SSL Key/Cert Finder
In 2006 I published a paper titled All Your Private Keys are Belong to Us — Extracting RSA Private Keys and Certificates from Process Memory in which I discussed a novel technique to extract RSA private keys and SSL certificates from process memory.
The standard storage formats for RSA private keys and SSL certificates, as described in PKCS #8 and X.509 respectively, are used to create a signature for locating them in memory. Using this signature, a simple pattern match can be done to extract the candidate asymmetric keys in their plaintext form, which can then be verified using an external tool such as OpenSSL.
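As an added example, written for this page and not taken from the paper or the plugin, the following Python scanner applies the approach just described to a byte buffer: it derives byte signatures from the DER layout of a PKCS #8 PrivateKeyInfo (RSA) and of an X.509 v3 Certificate, pattern-matches them, and carves each hit by reading the outer DER length, rejecting hits whose claimed length runs past the end of the region. The signatures assume long-form two-byte lengths (0x82), which holds for any real key or certificate larger than 255 bytes. The "process memory" it scans is constructed inline and the embedded key and certificate are structurally valid DER with placeholder numbers, not real cryptographic material. A defender can run the same scan over a memory dump of their own service to confirm whether key material lingers in plaintext.

```python
import re

# DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption), the algorithm
# identifier inside a PKCS #8 PrivateKeyInfo that wraps an RSA key.
RSA_OID = bytes.fromhex("06092a864886f70d010101")
# DER encoding of OID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption); used only
# to make the constructed certificate below look realistic.
SHA256_RSA_OID = bytes.fromhex("06092a864886f70d01010b")

# Byte signatures derived from the DER layout of the two structures. ".." stands
# for a two-byte length; this example assumes long-form lengths (0x82), which
# holds for any key or certificate larger than 255 bytes.
SIGNATURES = {
    # PrivateKeyInfo ::= SEQUENCE { version INTEGER 0, SEQUENCE { rsaEncryption, NULL }, OCTET STRING ... }
    "pkcs8-rsa-key": re.compile(
        rb"\x30\x82..\x02\x01\x00\x30\x0d" + re.escape(RSA_OID) + rb"\x05\x00\x04\x82",
        re.DOTALL),
    # Certificate ::= SEQUENCE { SEQUENCE { [0] EXPLICIT INTEGER 2 (v3), INTEGER serialNumber, ... }, ... }
    "x509-cert": re.compile(
        rb"\x30\x82..\x30\x82..\xa0\x03\x02\x01\x02\x02", re.DOTALL),
}


def der_total_length(buf, offset):
    """Size (header + content) of the 0x82 long-form DER element at offset, or None
    if the element claims more bytes than the region holds (truncated / paged out)."""
    if offset + 4 > len(buf) or buf[offset + 1] != 0x82:
        return None
    total = 4 + int.from_bytes(buf[offset + 2:offset + 4], "big")
    return total if offset + total <= len(buf) else None


def find_candidates(buf):
    """Return (kind, offset, der_bytes) for every signature hit that carves cleanly."""
    hits = []
    for kind, pattern in SIGNATURES.items():
        for m in pattern.finditer(buf):
            total = der_total_length(buf, m.start())
            if total is not None:
                hits.append((kind, m.start(), buf[m.start():m.start() + total]))
    return sorted(hits, key=lambda h: h[1])


# --- DER helpers used only to build the constructed test data -----------------

def der(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def der_int(value):
    # Minimal two's-complement encoding: one extra 0x00 byte when the high bit is set.
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))


def build_synthetic_pkcs8_rsa_key():
    """Structurally valid PKCS #8 / RSAPrivateKey DER with placeholder integers.
    The numbers are NOT a real key pair; only the encoding matters here."""
    n = (1 << 2047) | 0x10001
    rsa_private_key = der(0x30, b"".join([
        der_int(0), der_int(n), der_int(65537), der_int(n >> 1),
        der_int(1 << 1023), der_int((1 << 1023) + 1),
        der_int(3), der_int(5), der_int(7),
    ]))
    alg_id = der(0x30, RSA_OID + b"\x05\x00")
    return der(0x30, der_int(0) + alg_id + der(0x04, rsa_private_key))


def build_synthetic_x509_cert():
    """Outer DER skeleton of an X.509 v3 certificate; the TBSCertificate fields
    after the serial number are replaced by filler, so it is not a real cert."""
    version = der(0xA0, der_int(2))
    serial = der_int(0x1234567890ABCDEF)
    filler = der(0x30, der(0x04, b"\x00" * 300))
    tbs = der(0x30, version + serial + filler)
    sig_alg = der(0x30, SHA256_RSA_OID + b"\x05\x00")
    signature = der(0x03, b"\x00" * 257)
    return der(0x30, tbs + sig_alg + signature)


def build_sample_memory():
    """Constructed 'process memory' region: junk, a cert, junk, a key, and a key
    whose tail was paged out (must be rejected by the bounds check)."""
    key, cert = build_synthetic_pkcs8_rsa_key(), build_synthetic_x509_cert()
    return b"\x00" * 37 + cert + b"heap junk " * 5 + key + b"\xff" * 16 + key[:40]


if __name__ == "__main__":
    mem = build_sample_memory()
    for kind, offset, blob in find_candidates(mem):
        path = f"candidate_{offset:08x}_{kind}.der"
        with open(path, "wb") as f:
            f.write(blob)
        print(f"{kind:14s} at 0x{offset:08x}, {len(blob)} bytes -> {path}")
```

Run stand-alone, the script writes each carved candidate to a `.der` file. Matching only the DER prefix produces false positives, so each candidate should then be checked with an external tool as the text suggests, for example `openssl rsa -inform DER -in <file> -check -noout` for a key and `openssl x509 -inform DER -in <file> -noout -text` for a certificate; the placeholder key above will fail OpenSSL's consistency check by design, since its integers are not a real key pair.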
► SSL Key/Cert finder IDA Pro plugin v1.0 (compatible with IDA Pro 4.6 and later; 32-bit)
Michael Hale Ligh, a core developer of The Volatility Framework, wrote an interesting blog post analyzing Stuxnet's footprint in memory with the aforementioned Volatility plugin.