From the course: Advanced Malware Analysis: Redux


Memory analysis part 2


- [Instructor] Hello everyone, and welcome to Memory Analysis Part 2. In this session, we're going to continue learning about the different ways we can perform memory analysis using Volatility. During the memory analysis process, you should focus on any suspicious processes that are running on the system. In a live incident situation, you may not really know what process you're looking for, so you'll have to do a little bit of hunting. Of course, if you've been analyzing a piece of malware, you probably know the process you want to investigate because you've analyzed it previously in your lab. Volatility offers a few plugins that allow you to enumerate a process list. The first is pslist; we've seen this in action already. But we also have psscan and psxview. Now, you might be asking yourself, "Okay, well, why do we have several options to look for processes?" Well, the answer is that psscan scans the physical memory for the signature of a process object. Using this…
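To make the difference between the three plugins concrete, here is an added example that is not part of the course and does not use Volatility's code. It builds a constructed toy memory image (a hypothetical 28-byte process record with a pool-tag-like signature, a PID, a forward link, an exit time and a name; not the real EPROCESS layout) and implements the three strategies over it: a pslist-style walk of the linked list from a list head, a psscan-style carve of physical memory for the record signature, and a psxview-style cross-view that flags records one method sees and the other does not. The image includes one process unlinked from the list (the classic DKOM hiding trick) and one terminated process whose object is still in memory, which is the caveat a practitioner wants: a psscan-only hit is not automatically malicious.

```python
import struct

# Constructed toy process record (hypothetical, not Windows EPROCESS):
#   4-byte tag, u16 pid, u16 flink (image offset of next record, 0 = end),
#   u32 exit_time (0 = still running), 16-byte NUL-padded name.
TAG = b"Proc"
REC_FMT = "<4sHHI16s"
REC_SIZE = struct.calcsize(REC_FMT)  # 28 bytes
HEAD = 0x20  # offset of the first list entry, playing the role of the list head


def make_proc(pid, flink, name, exit_time=0):
    """Pack one constructed process record."""
    return struct.pack(REC_FMT, TAG, pid, flink, exit_time,
                       name.encode().ljust(16, b"\0"))


def build_image():
    """Constructed 0x120-byte 'memory dump' with four process objects."""
    img = bytearray(0x120)
    img[0x20:0x20 + REC_SIZE] = make_proc(4, 0x60, "System")
    img[0x60:0x60 + REC_SIZE] = make_proc(512, 0, "explorer.exe")  # list ends
    # Unlinked from the list (DKOM-style hiding): only a scan will find it.
    img[0xA0:0xA0 + REC_SIZE] = make_proc(1337, 0, "evil.exe")
    # Terminated process whose object has not been overwritten yet.
    img[0xD0:0xD0 + REC_SIZE] = make_proc(2000, 0, "notepad.exe",
                                          exit_time=0x5F000000)
    return bytes(img)


def parse(img, off):
    """Decode the record at `off` into a dict (raises if truncated)."""
    tag, pid, flink, exit_time, name = struct.unpack_from(REC_FMT, img, off)
    return {"offset": off, "pid": pid, "flink": flink,
            "exited": exit_time != 0, "name": name.rstrip(b"\0").decode()}


def pslist(img, head=HEAD):
    """pslist-style: follow the linked list from the head; loop-safe."""
    out, seen, off = [], set(), head
    while off and off not in seen and off + REC_SIZE <= len(img):
        seen.add(off)
        rec = parse(img, off)
        out.append(rec)
        off = rec["flink"]
    return out


def psscan(img):
    """psscan-style: carve every record whose signature appears in memory."""
    out, off = [], img.find(TAG)
    while off != -1:
        if off + REC_SIZE <= len(img):
            rec = parse(img, off)
            # Cheap sanity check, as real scanners do, to reject false positives.
            if rec["pid"] != 0 and rec["name"].isprintable():
                out.append(rec)
        off = img.find(TAG, off + 1)
    return out


def psxview(img):
    """psxview-style cross-view: which method sees each scanned object?"""
    listed = {p["offset"] for p in pslist(img)}
    return [{**p, "pslist": p["offset"] in listed, "psscan": True}
            for p in psscan(img)]


def hidden_processes(img):
    """Running processes found by scanning but absent from the list walk."""
    return [r for r in psxview(img) if not r["pslist"] and not r["exited"]]


if __name__ == "__main__":
    image = build_image()
    print("pslist :", [p["name"] for p in pslist(image)])
    print("psscan :", [p["name"] for p in psscan(image)])
    for row in psxview(image):
        print(f"{row['pid']:5d} {row['name']:<14} pslist={row['pslist']!s:<5} "
              f"psscan={row['psscan']} exited={row['exited']}")
    print("hidden :", [p["name"] for p in hidden_processes(image)])
```

The list walk sees only System and explorer.exe; the scan also returns evil.exe and notepad.exe. Only evil.exe is both missing from the list and still running, which is the kind of discrepancy psxview is meant to surface; notepad.exe shows up in the scan merely because its terminated object has not been reused, so always check exit times before calling a scan-only hit hidden.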
