11

Artifact, Malware, and Ransomware Analysis

In this chapter, we’ll cover several different tools to uncover various digital artifacts, malware, and ransomware, some of which reside in RAM and the swap file, which, as we learned in the previous chapter, can be quite useful in our DFIR investigations.

To start things off, we will look at artifact analysis, using p0f to identify devices and operating systems, swap_digger for swap file analysis, and MimiPenguin for password dumping. Following this, we will dive into malware analysis, using pdf-parser and PDFiD for PDF malware analysis and Hybrid Analysis for malicious file analysis, and then end things off by using Volatility 3 for ransomware analysis.

The following ...

Get Digital Forensics with Kali Linux - Third Edition now with the O’Reilly learning platform.
