
What Memory (RAM) can Tell us? (Top 4 Things)

7/7/2019

Running process information: Rogue processes, such as rootkit-based malware, can be detected through memory forensics.
Passwords: Clear-text passwords are easy to find in memory.
Contents of open windows: This is a crucial piece of information for learning about the user's current state.
Network connection information: Evidence of exfiltration and C2 (command and control) traffic can be found here. We are all aware of protections like TLS; the best place to obtain the decrypted version of that traffic is memory.
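One way to act on the first point, as an added example that is not from the original post: a cross-view comparison of two process listings from the same image (one from walking the active-process list, one from scanning the image for process structures) plus a parent-name sanity check for core Windows system processes. The PIDs, names and both listings are constructed sample data; the expected-parent table reflects normal Windows (Vista and later) process lineage.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


# Constructed sample data: the same image viewed two ways, list-walk style
# (follows the kernel's active-process list) and scan style (carves process
# structures from memory, so it also finds unlinked ones).
PSLIST = [
    Proc(4, 0, "System"),
    Proc(400, 4, "smss.exe"),
    Proc(500, 400, "wininit.exe"),
    Proc(600, 500, "services.exe"),
    Proc(620, 500, "lsass.exe"),
    Proc(800, 600, "svchost.exe"),
    Proc(1500, 1200, "explorer.exe"),
]
PSSCAN = PSLIST + [
    Proc(2222, 800, "svchost.exe"),   # present in memory, unlinked from the list
    Proc(3001, 1500, "lsass.exe"),    # a second lsass.exe, spawned by explorer
]

# Normal parent image name for core Windows system processes (lower-case).
EXPECTED_PARENT = {
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}


def hidden_processes(listed, scanned):
    """Cross-view check: processes the scan found but the list walk did not."""
    seen = {p.pid for p in listed}
    return [p for p in scanned if p.pid not in seen]


def parent_anomalies(procs):
    """Return (process, actual_parent_name) where the parent is not the expected one."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        expected = EXPECTED_PARENT.get(p.name.lower())
        if expected is None:
            continue
        parent = by_pid.get(p.ppid)
        parent_name = parent.name if parent else "<missing>"
        if parent_name.lower() not in expected:
            findings.append((p, parent_name))
    return findings
```

Run on the constructed data, the cross-view check surfaces PIDs 2222 and 3001, and the parent check flags both: an svchost.exe spawned by another svchost.exe, and an lsass.exe spawned by explorer.exe.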
