Memory
The first vague steps in Windows memory forensics after a recent detection of a client machine beaconing to a known malicious IP.
Recommended readings
Title | Author(s) | Details
---|---|---
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory | Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters | ISBN 978-1-118-82509-9, 912 pages, October 2014
Windows Internals, Part 1 (6th Edition) (Developer Reference) | Mark E. Russinovich, David A. Solomon, Alex Ionescu | Paperback, March 25, 2012; ISBN-13 978-0735648739, ISBN-10 0735648735
Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code | Michael Ligh, Steven Adair, Blake Hartstein, Matthew Richard | ISBN 978-0-470-61303-0, 744 pages, October 2010
The Volatility cheat sheet 2.3 | |
SANS Memory Forensics Cheat Sheet v1.0 | |
Training slides provided by Basistech | |
VirusTotal search engine | |
FortiGuard Threat Research Center | |
Good sample: discovering a Zeus Trojan | Javier Nieto |