Memory forensics using Cuckoo Sandbox – using memory dump features

This section deals with memory forensics using Volatility. It only briefly introduces the Volatility feature set and its installation; a detailed explanation and exercises follow in the next chapter. Here you will learn how to install Volatility and its basic usage.

Now we are ready to use one of Cuckoo's more advanced features: its ability to take a memory dump of the running Guest OS during an analysis. First, we need to modify Cuckoo's configuration so that the memory dump is created before the virtual machine shuts down:

  1. Edit the cuckoo.conf file in the conf/ directory and set the option memory_dump = on.
  2. Edit the reporting.conf ...
