Memory analysis

As the need to analyze system memory has grown, analysts now have several tools at their disposal. This chapter focuses on three of them; all are either open source or freeware and can be deployed easily. These tools allow analysts to gain critical insight into the activity of exploits and malware that have compromised a system.

Throughout this chapter, a single memory capture will be used. It was taken from a Windows system infected with the Stuxnet virus. The memory image can be downloaded from the following site: jonrajewski.com/data/Malware/stuxnet.vmem.zip.
