Analyzing Physical and Process Memory Dumps for Malware Artifacts
• Memory Forensics Overview
• Old School Memory Analysis
• How Windows Memory Forensic Tools Work
• Windows Memory Forensic Tools
• Dumping Windows Process Memory
• Dissecting Windows Process Memory
The importance of memory forensics in malware investigations cannot be overstated. A complete capture of memory on a compromised computer generally bypasses the methods that malware uses to trick operating systems, providing digital investigators with a more comprehensive view of the malware. In some cases, malware leaves little trace elsewhere on the compromised system and the only clear indications of compromise ...