SANS Digital Forensics and Incident Response Blog: Category - Memory Analysis

Updated Memory Forensics Cheat Sheet

Just in time for the holidays, we have a new update to the Memory Forensics Cheatsheet! Plugins for the Volatility memory analysis project are organized into relevant analysis steps, helping the analyst walk through a typical memory investigation. We added new plugins like hollowfind and dumpregistry, updated plugin syntax, and now include help for those … Continue reading Updated Memory Forensics Cheat Sheet


Acquiring a Memory Dump from Fleeting Malware

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware


Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!

Hundreds of SANS Institute digital forensics students have stepped up to the challenge and conquered. They've mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of the SANS Lethal Forensicator Coin, an award given to a select portion of the thousands of students that … Continue reading Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!


Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis

System snapshots are a core component when conducting forensic analysis on a live machine. They provide critical insight intowhat was going on at the time they were taken, but this is also their limitation: your view is limited to a precise moment in time, without context and the opportunity to observe changes as they … Continue reading Turning a Snapshot into a Story: Simple Method to Enhance Live Analysis


DFIR Summit 2017 - CALL FOR PRESENTATIONS

Call for Presentations Now Open! Submit your proposal here: http://dfir.to/DFIR-CFP-2017 Deadline: January 16th at 5pm CT The 10th Annual Digital Forensics and Incident Response Summit Call for Presentations is open through 5 pm EST on Monday, January 16, 2017. If you are interested in presenting or participating on a panel, we'd be … Continue reading DFIR Summit 2017 - CALL FOR PRESENTATIONS