Running process information: Rogue processes such as rootkits-based malware can be detected via memory forensics.
Passwords: It's easy to find the password (clear text) in memory
Contents of open windows: This is a piece of crucial information to learn about the user's current state.
Network Connection Information: Finding Exfiltration & C2 (Command and control) can be found here. We are all aware of things like TLS etc. The best way to get the decrypted version of the information is in memory.
Passwords: It's easy to find the password (clear text) in memory
Contents of open windows: This is a piece of crucial information to learn about the user's current state.
Network Connection Information: Finding Exfiltration & C2 (Command and control) can be found here. We are all aware of things like TLS etc. The best way to get the decrypted version of the information is in memory.
RSS Feed