Volatility

Volatile Memory Analysis With Volatility : Coreflood Trojan

Introduction This is the first post of multi part series in which we will walk through basics of volatile Memory analysis with Volatility. Though some knowledge of Windows Internal is desirable but I will try to cover things as we progress. In this post, we will start with analyzing Coreflood Trojan with basic command and …

Volatile Memory Analysis With Volatility : Coreflood Trojan Read More »

Volatility Forensic Analysis: R2D2 Malware

Hunting R2D2 Malware To start on this malware expedition, please download image from here . Once image file is downloaded, lets find out more about it by using volatility imageinfo plugin C:\volatility>volatility.exe -f 0zapftis.vmem imageinfoVolatility Foundation Volatility Framework 2.6INFO : volatility.debug : Determining profile based on KDBG search… Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86) AS …

Volatility Forensic Analysis: R2D2 Malware Read More »

Root-me Command and Control Challenges

In this post we will go through command and control challenges on https://www.root-me.org/. Since , this challenge is still open we will not post the answers but will only document the steps and approach that was taken to solve the challenges. Command & Control — level 2 Find workstations hostname from memory dump The first approach that came into my …

Root-me Command and Control Challenges Read More »

Forensic Analysis: jackcr difr challenge

After completing Cridex Malware analysis decided to take up jackcr difr challenge for further learning . I will continue to use Volatility Open Source Framework for this analysis .Also, you can read, Cridex Malware analysis here Challenge The challenge consist of 4 memory dumps and one packet capture. Two memory dumps from user machines , 1 memory dump …

Forensic Analysis: jackcr difr challenge Read More »