Kwelwild

Memory Forensics With Michael Cohen

Description: A recording of the January DFIROnline meetup with Michael Cohen of Google

Michael is one of the authors of Volatility and has presented a great lab on its use at quite a few conferences. If you are not familiar with Volatility or memory forensics, this is not one to miss. The Volatility team is also offering training in Windows Memory Forensics; for details see their blog.

Memory forensics and analysis have become very powerful tools for the incident responder. In this workshop we will cover some of the basic ideas behind memory analysis in a practical way focusing on the Volatility Memory Forensics framework - and in particular on the upcoming technology preview branch. The following broad topics will be covered:
1) Memory Acquisition

Volatility contains a full imaging solution for Windows, Linux and OSX systems. In addition to obtaining a fixed memory image, there is support for the analysis of live systems. We describe how to image and analyze live Windows systems and in particular we demonstrate how the running system appears to the forensic examiner with examples of normal and suspicious looking processes.
2) Anti-Forensics

We then examine the fundamentals of memory analysis. In particular, we look at anti-forensic techniques and how they target Volatility (and other) memory analysis tools.
3) The Volatility Framework

We look at some of the plugins for Windows memory analysis and how the different techniques can be used to cross-check analysis results and potentially uncover hidden malware.

DFIROnline is a monthly online meeting of digital forensic and incident response professionals. The purpose of these meetups is to enable information sharing among the DFIR community. These sessions are open to anyone and occur on the third Thursday of every month at 20:00 US Eastern time. If you would like to get involved and present something, please email meetup at writeblocked.org.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:

Source: Memory Forensics With Michael Cohen
