Once you acquire the memory of an infected system, the next step is to analyze the acquired memory image. Volatility (http://www.volatilityfoundation.org/releases) is an open source advanced memory forensics framework written in Python that allows you to analyze and extract digital artifacts from the memory image. Volatility can run on various platforms (Windows, macOS, and Linux), and it supports analysis of memory from 32-bit and 64-bit versions of Windows, macOS, and Linux operating systems.
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Introduction to Malware Analysis
- Static Analysis
- Dynamic Analysis
- 1. Lab Environment Overview
- 2. System And Network Monitoring
- 3. Dynamic Analysis (Monitoring) Tools
- 4. Dynamic Analysis Steps
- 5. Putting it All Together: Analyzing a Malware Executable
- 6. Dynamic-Link Library (DLL) Analysis
- Summary
- Assembly Language and Disassembly Primer
- 1. Computer Basics
- 2. CPU Registers
- 3. Data Transfer Instructions
- 4. Arithmetic Operations
- 5. Bitwise Operations
- 6. Branching And Conditionals
- 7. Loops
- 8. Functions
- 9. Arrays And Strings
- 10. Structures
- 11. x64 Architecture
- 12. Additional Resources
- 13. Summary
- Disassembly Using IDA
- Debugging Malicious Binaries
- 1. General Debugging Concepts
- 2. Debugging a Binary Using x64dbg
- 2.1 Launching a New Process in x64dbg
- 2.2 Attaching to an Existing Process Using x64dbg
- 2.3 x64dbg Debugger Interface
- 2.4 Controlling Process Execution Using x64dbg
- 2.5 Setting a Breakpoint in x64dbg
- 2.6 Debugging 32-bit Malware
- 2.7 Debugging 64-bit Malware
- 2.8 Debugging a Malicious DLL Using x64dbg
- 2.9 Tracing Execution in x64dbg
- 2.10 Patching in x64dbg
- 3. Debugging a Binary Using IDA
- 3.1 Launching a New Process in IDA
- 3.2 Attaching to an Existing Process Using IDA
- 3.3 IDA's Debugger Interface
- 3.4 Controlling Process Execution Using IDA
- 3.5 Setting a Breakpoint in IDA
- 3.6 Debugging Malware Executables
- 3.7 Debugging a Malicious DLL Using IDA
- 3.8 Tracing Execution Using IDA
- 3.9 Debugger Scripting Using IDAPython
- 4. Debugging a .NET Application
- Summary
- Malware Functionalities and Persistence
- Code Injection and Hooking
- 1. Virtual Memory
- 2. User Mode And Kernel Mode
- 3. Code Injection Techniques
- 4. Hooking Techniques
- 5. Additional Resources
- Summary
- Malware Obfuscation Techniques
- Hunting Malware Using Memory Forensics
- 1. Memory Forensics Steps
- 2. Memory Acquisition
- 3. Volatility Overview
- 4. Enumerating Processes
- 5. Listing Process Handles
- 6. Listing DLLs
- 7. Dumping an Executable and DLL
- 8. Listing Network Connections and Sockets
- 9. Inspecting Registry
- 10. Investigating Service
- 11. Extracting Command History
- Summary
- Detecting Advanced Malware Using Memory Forensics
- Other Books You May Enjoy
3. Volatility Overview
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.