Memory Forensics
Running process information: Rogue processes, such as rootkit-based malware, can be detected via memory forensics.
Passwords: It is easy to find passwords in clear text in memory.
Contents of open windows: This is crucial information for learning about the user's current state.
Network connection information: Evidence of exfiltration and C2 (command and control) can be found here. Network traffic is commonly encrypted with TLS and the like, and the best place to get the decrypted version of the information is in memory.