Nytro
Posted January 2, 2013

[h=1]Public Replay: THA Deep Dive – Analyzing Malware in Memory[/h]

December 31, 2012

On Monday December 18, 2012 we had our first THA Deep Dive Webinar. Andrew Case, THA instructor and Volatility core developer, discussed Analyzing Malware in Memory. Andrew went over many topics, starting with what memory forensics actually is, and the differences between memory and live forensics. He then went on to discuss Volatility, a framework for the extraction of digital artifacts from volatile memory (RAM) samples.

Detailed information about Volatility covered the following areas:

- Overview
- Per-Process Analysis
- API hooking
- Misc. Process Data
- GUI Subsystem
- Registry in Memory
- Callbacks
- IRP Hooking
- Devices
- MBR & MFT

The session wrapped up with suggested resources for further reading, as well as reference links in the slides. There were some audio issues during the presentation, so as you watch the video, know that it isn’t your computer! The slides are available for download here. Please feel free to contact us if you have any questions!

Download slides:
www.thehackeracademy.com/wp-content/uploads/2012/12/THA-Deep-Dive-Analyzing-Malware-in-Memory.pdf

Presentation:
https://www.thehackeracademy.com/public-replay-tha-deep-dive-analyzing-malware-in-memory/