When examining system memory, it is advisable for analysts to follow a methodology. This ensures that all potential evidence is uncovered and can be utilized in an incident investigation. There are a variety of methodologies that can be leveraged. Which specific methodology that is used can often be dependent on the type of incident. For example, a methodology that is geared towards identifying indicators of compromise around a malware infection may yield a great deal of information, but may not be the best approach if the analysts has evidence from other network sources of a suspect IP address.
Memory analysis methodology
Get Digital Forensics and Incident Response now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.