Malware Analysis

  1. Memory Forensics in Malware Analysis
    1. Capturing Memory Dumps
      1. Tools for Memory Acquisition
        1. FTK Imager
          1. DumpIt
            1. WinPmem
              1. LiME (Linux)
              2. Best Practices for Memory Capture
                1. Timing Considerations
                  1. Integrity Verification
                2. Analyzing Memory with Volatility Framework
                  1. Setting Up Volatility
                    1. Installation
                      1. Profile Selection
                      2. Common Volatility Plugins
                        1. pslist
                          1. pstree
                            1. netscan
                              1. malfind
                                1. yarascan
                              2. Extracting Malware Artifacts from Memory
                                1. Running Processes
                                  1. Process Identification
                                    1. Hidden Processes
                                    2. Network Connections
                                      1. Active Connections
                                        1. Listening Ports
                                        2. Loaded DLLs and Drivers
                                          1. Module Analysis
                                            1. Unsigned Drivers
                                            2. Injected Code
                                              1. Process Injection Detection
                                                1. Code Cave Analysis
                                                2. Command History
                                                  1. Console Commands
                                                    1. PowerShell History
                                                    2. Registry Keys
                                                      1. Registry Hive Analysis
                                                        1. Volatile Registry Data
                                                        2. Extracting Strings from Memory
                                                          1. ASCII Strings
                                                            1. Unicode Strings
                                                              1. Pattern Matching

                                                          Previous

                                                          8. Specialized Malware Analysis

                                                          Go to top

                                                          Next

                                                          10. Reporting and Threat Intelligence Integration