Finding malware in memory images

Discussion in 'other anti-malware software' started by MrBrian, Oct 7, 2014.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From paper "Comparative Analysis of Operational Malware Dynamic Link Library (DLL) Injection Live Response vs. Memory Image" (2012):
    Paper is available at hxxp://ijitcs.com/volume%204_No_1/Ahmed+Alasiri.pdf.

    ----------

    A few of the many Volatility Framework commands:

    psxview:
    malfind:
    Have any of you tried Volatility Framework?
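    As an added illustration of the cross-view idea behind psxview (my own sketch, not code from the paper or from the Volatility project), this compares what several independent enumeration methods report and flags a process that is present in memory but missing from the active process list, while treating a terminated process found only by pool scanning as benign. The pids, names and per-source sets are constructed sample data.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample data standing in for the per-plugin process listings
# Volatility would recover from a memory image (pids and names are invented).
NAMES = {4: "System", 304: "smss.exe", 368: "csrss.exe", 412: "winlogon.exe",
         1204: "explorer.exe", 2040: "notepad.exe", 3156: "svch0st.exe",
         2788: "calc.exe"}
SOURCES: Dict[str, Set[int]] = {
    "pslist":   {4, 304, 368, 412, 1204, 2040},             # walks the active process linked list
    "psscan":   {4, 304, 368, 412, 1204, 2040, 3156, 2788}, # scans memory for EPROCESS pool tags
    "thrdproc": {4, 304, 368, 412, 1204, 2040, 3156},       # owners of scanned ETHREAD objects
    "csrss":    {412, 1204, 2040, 3156},                    # handles held by csrss.exe
}
EXITED = {2788}  # EPROCESS objects with a non-zero exit time (stale, not hidden)
# These never receive a csrss handle, so their absence there is expected.
CSRSS_EXEMPT = {"System", "smss.exe", "csrss.exe"}


def cross_view(sources: Dict[str, Set[int]], names: Dict[int, str],
               exited: Set[int]) -> Dict[int, Tuple[str, str]]:
    """Return {pid: (name, verdict)} by comparing each enumeration method."""
    report = {}
    for pid in sorted(set().union(*sources.values())):
        name = names.get(pid, "?")
        missing = {src for src, pids in sources.items() if pid not in pids}
        if name in CSRSS_EXEMPT:
            missing.discard("csrss")
        if not missing:
            verdict = "ok"
        elif pid in exited and missing >= {"pslist", "thrdproc", "csrss"}:
            verdict = "exited"   # pool scan found a terminated process; benign
        elif "pslist" in missing:
            verdict = "hidden"   # in memory but unlinked from the active list (DKOM-style)
        else:
            verdict = "inconsistent: not in " + ", ".join(sorted(missing))
        report[pid] = (name, verdict)
    return report


def hidden_pids(report: Dict[int, Tuple[str, str]]) -> List[int]:
    """Pids worth a closer look (dump with malfind/procdump, check parents)."""
    return [pid for pid, (_, verdict) in report.items() if verdict == "hidden"]


if __name__ == "__main__":
    for pid, (name, verdict) in cross_view(SOURCES, NAMES, EXITED).items():
        print(f"{pid:>5} {name:<14} {verdict}")
```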
     
  2. MrBrian

    If you're interested in this topic, there's an 886-page book called "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory" (2014).
     
    Last edited: Oct 8, 2014