Memory analysis
As the necessity for analyzing the memory of systems has increased, there are several tools that analysts have at their disposal. This chapter will focus on three such tools; all of them are either open source or freeware and can be deployed easily. These tools allow analysts to gain critical insight into the activity of exploits and malware that have impacted a system.
Note
Throughout this chapter, a memory capture will be utilized. This memory capture is from a Windows system that has been infected by the Stuxnet virus. The memory image can be downloaded from the following site: jonrajewski.com/data/Malware/stuxnet.vmem.zip.
Memory analysis methodology
When examining system memory, it is advisable for analysts to follow a methodology. This ensures that all potential evidence is uncovered and can be utilized in an incident investigation. There are a variety of methodologies that can be leveraged. Which specific methodology that is used can often be dependent on the type of incident...
