As was stated previously, one of the central goals of memory analysis is to determine whether there are any suspicious data points indicative of malware. In the event that data points such as those from the Cridex memory image are located, they can be acquired for further analysis.
Volatility evidence extraction
by Gerard Johansen
Digital Forensics and Incident Response - Second Edition
- Title Page
- Copyright and Credits
- About Packt
- Contributors
- Preface
- Section 1: Foundations of Incident Response and Digital Forensics
- Understanding Incident Response
- Managing Cyber Incidents
- Fundamentals of Digital Forensics
- Section 2: Evidence Acquisition
- Collecting Network Evidence
- Acquiring Host-Based Evidence
- Forensic Imaging
- Section 3: Analyzing Evidence
- Analyzing Network Evidence
- Analyzing System Memory
- Memory analysis overview
- Memory analysis methodology
- Memory analysis with Redline
- Memory analysis with Volatility
- Memory analysis with strings
- Summary
- Questions
- Further reading
- Analyzing System Storage
- Analyzing Log Files
- Writing the Incident Report
- Section 4: Specialist Topics
- Malware Analysis for Incident Response
- Leveraging Threat Intelligence
- Hunting for Threats
- Appendix
- Assessment
- Chapter 1: Understanding Incident Response
- Chapter 2: Managing Cyber Incidents
- Chapter 3: Fundamentals of Digital Forensics
- Chapter 4: Collecting Network Evidence
- Chapter 5: Acquiring Host-Based Evidence
- Chapter 6: Forensic Imaging
- Chapter 7: Analyzing Network Evidence
- Chapter 8: Analyzing System Memory
- Chapter 9: Analyzing System Storage
- Chapter 10: Analyzing Log Files
- Chapter 11: Writing the Incident Report
- Chapter 12: Malware Analysis for Incident Response
- Chapter 13: Leveraging Threat Intelligence
- Chapter 14: Hunting for Threats
- Other Books You May Enjoy
Volatility evidence extraction
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.