Monthly Archives: September 2011

Volatility Memory Forensics | DumpIt

Posted on September 24, 2011 by evild3ad

Before you can conduct victim system analysis you need to capture memory. MoonSols DumpIt is used to generate a physical memory dump of Windows machines. It works with both x86 (32-bits) and x64 (64-bits) machines. Only a double click on … Continue reading

Posted in English, Malware Forensics, Memory Forensics, Volatility | Leave a comment

Volatility Memory Forensics | Basic Usage for Malware Analysis

Posted on September 20, 2011 by evild3ad

Here is a real-world example of using Volatilty and YARA. You can download this good old ZeuS image from the Malware Analyst’s Cookbook: zeus.vmem.zip [41,4 MB] 1.) Go into your Volatility directory 2.) If you don’t know what type of … Continue reading

Posted in Banking Trojan, English, Malware Forensics, Memory Forensics, Volatility | 2 Comments

Volatility Memory Forensics | Installation in Ubuntu

Posted on September 18, 2011 by evild3ad

Requirements: A Windows, Linux, or Mac OS X machine Python version 2.6 or greater, but not 3.x (already installed on Ubuntu) Supported Samples 32bit Windows XP Service Pack 2 and 3 32bit Windows 2003 Server Service Pack 0, 1, 2 … Continue reading

Posted in English, Malware Forensics, Memory Forensics, Volatility | Leave a comment