Volatility Memory Analysis Article Featured in eForensics Magazine
Check out this month’s issue of eForensics Magazine for my article on Memory Analysis using Volatility 2.2 and DumpIt!
“Analyzing system memory for artifacts is a technique used by forensic analysts, security specialists and those who analyze malware.
In this article we will cover how to obtain a complete copy of system memory from a computer using the easy-to-use program “DumpIt”. We will then take this memory dump and analyze it with the popular memory analysis tool “Volatility”.
With Volatility, you can pull a list of what software was installed on a system, what processes were running, what network connections were active, and a whole lot more.
We will look at all of this and even see how to pull password hashes from a memory dump. Lastly, we will try our hand at analyzing a memory image infected with a sample of Stuxnet.”
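As an added example (this is not code from the article or the magazine), here is a POSIX shell triage script for the workflow the abstract describes: run imageinfo on a DumpIt image, pick the suggested profile, collect process, module and network listings, dump the Uninstall key for installed software, and pull password hashes. It assumes vol.py (Volatility 2.2) is on PATH and that the image is the .raw file DumpIt writes; the imageinfo and hivelist samples embedded in it are constructed to match the shape of Volatility 2.x output so the parsing can be exercised without an image. Two practitioner caveats are built in: Volatility 2.x has separate network plugins for XP/2003 (connections, connscan, sockets, sockscan) and for Vista and later (netscan), and hashdump wants the SYSTEM and SAM hive virtual addresses (-y and -s), which come from hivelist.

```shell
#!/bin/sh
# Added example (not from the article): Volatility 2.2 triage of a DumpIt image.
# Assumptions: vol.py is on PATH; the image is the .raw file DumpIt produced.
# SAMPLE_IMAGEINFO and SAMPLE_HIVELIST are constructed samples that mirror the
# layout of Volatility 2.x output; they exist only to exercise the parsers offline.

# imageinfo prints a "Suggested Profile(s) :" line; take the first profile offered.
first_profile() {
    sed -n 's/.*Suggested Profile(s) *: *\([A-Za-z0-9_]*\).*/\1/p' | head -n 1
}

# Volatility 2.x splits network plugins by OS generation: connections/connscan/
# sockets/sockscan parse XP and 2003 structures only; netscan covers Vista and
# later. The wrong family just returns nothing, so choose by profile name.
net_plugins_for() {
    case "$1" in
        WinXP*|Win2003*)       echo "connections connscan sockets sockscan" ;;
        Vista*|Win7*|Win2008*) echo "netscan" ;;
        *) echo "unknown profile: $1" >&2; return 1 ;;
    esac
}

# From hivelist output on stdin, print the virtual address of the first hive whose
# path ends in \<name> (case-insensitive), e.g. "system" or "sam".
hive_vaddr() {
    awk -v want="$1" '
        $1 ~ /^0x/ {
            leaf = tolower($NF)
            sub(/.*\\/, "", leaf)        # keep the text after the last backslash
            if (leaf == tolower(want)) { print $1; exit }
        }'
}

# Full pass over one image. Usage: triage <image.raw> <outdir>
triage() {
    img="$1"; out="$2"
    mkdir -p "$out"
    vol.py -f "$img" imageinfo > "$out/imageinfo.txt"
    profile=$(first_profile < "$out/imageinfo.txt")
    [ -n "$profile" ] || { echo "imageinfo suggested no profile; pass one by hand" >&2; return 1; }
    echo "using profile $profile"

    # Processes (live list and carved), loaded DLLs/drivers, hives, injected code, network.
    for plugin in pslist psscan pstree dlllist modules hivelist malfind $(net_plugins_for "$profile"); do
        vol.py -f "$img" --profile="$profile" "$plugin" \
            > "$out/$plugin.txt" 2> "$out/$plugin.err" || echo "$plugin failed, see $out/$plugin.err" >&2
    done

    # Installed software: the Uninstall key in the SOFTWARE hive.
    vol.py -f "$img" --profile="$profile" printkey \
        -K "Microsoft\Windows\CurrentVersion\Uninstall" > "$out/uninstall.txt" 2>/dev/null || true

    # Password hashes: hashdump takes the SYSTEM (-y) and SAM (-s) hive addresses from hivelist.
    sys=$(hive_vaddr system < "$out/hivelist.txt")
    sam=$(hive_vaddr sam    < "$out/hivelist.txt")
    if [ -n "$sys" ] && [ -n "$sam" ]; then
        vol.py -f "$img" --profile="$profile" hashdump -y "$sys" -s "$sam" > "$out/hashdump.txt"
    else
        echo "SYSTEM or SAM hive not in hivelist output; skipping hashdump" >&2
    fi
}

# Constructed sample output (not taken from a real image), shaped like Volatility 2.x prints it.
SAMPLE_IMAGEINFO='Volatile Systems Volatility Framework 2.2
Determining profile based on KDBG search...

          Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86)
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/host1.raw)'

SAMPLE_HIVELIST='Virtual    Physical   Name
---------- ---------- ----
0xe1ba5008 0x01a8e008 \Device\HarddiskVolume1\Documents and Settings\Admin\NTUSER.DAT
0xe1035b60 0x02c8fb60 \Device\HarddiskVolume1\WINDOWS\system32\config\system
0xe165cb60 0x0255bb60 \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
0xe18ff000 0x0283f000 \Device\HarddiskVolume1\WINDOWS\system32\config\software'

if [ $# -ge 2 ]; then
    triage "$1" "$2"
else
    # No image given: show the parsers working on the constructed samples.
    printf 'profile:     %s\n' "$(printf '%s\n' "$SAMPLE_IMAGEINFO" | first_profile)"
    printf 'SYSTEM hive: %s\n' "$(printf '%s\n' "$SAMPLE_HIVELIST" | hive_vaddr system)"
    printf 'SAM hive:    %s\n' "$(printf '%s\n' "$SAMPLE_HIVELIST" | hive_vaddr sam)"
fi
```

Run it as `sh triage.sh HOSTNAME-20121101-120000.raw case01/` and read the per-plugin text files in the output directory; the `.err` files hold anything a plugin complained about. Always confirm the profile imageinfo picked (the first suggestion is a heuristic from the KDBG search), since a wrong profile produces empty or garbage listings rather than an error.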
The magazine also includes:
- Cold Boot Memory Forensics by Alexander Sverdlov
- Malware Forensics & Zeus by Mikel Gastesi, Jozef Zsolnai & Nahim Fazal
- Establishing a Center for Digital Forensics Investigative Services on the Cloud by Dr. Rocky Termanini
- Digital Continuity of Government Records by Dr. Stilianos Vidalis
- And more!