Check out this month’s issue of eForensics Magazine for my article on Memory Analysis using Volatility 2.2 and DumpIt!
“Analyzing system memory for artifacts is a technique used by forensic analysts, security specialists and those that analyze malware.
In this article we will cover how to obtain a complete copy of system memory from a computer using the easy-to-use program “DumpIt”. We will then take this memory dump and analyze it with the popular memory analysis tool “Volatility”.
With Volatility, you can pull a list of what software was installed on a system, what processes were running, what network connections were active, and a whole lot more.
We will look at all of this and even see how to pull password hashes from a memory dump. Lastly, we will try our hand at analyzing a memory image infected with a sample of Stuxnet.”
The magazine also includes:
- Cold Boot Memory Forensics by Alexander Sverdlov
- MALWARE FORENSICS & ZEUS by Mikel Gastesi, Jozef Zsolnai & Nahim Fazal
- Establishing a Center for Digital Forensics Investigative Services on the Cloud by Dr. Rocky Termanini
- Digital Continuity of Government Records by Dr. Stilianos Vidalis
- And more!