# Comparing Host Images/Memory Dumps to Known-Good Baselines

Purpose: Identify deviations from a "known-good" baseline that may indicate the presence of malware on a system

Data Required: Memory dumps, Registry dumps, "known good" data

Collection Considerations: This works best when tracked over time rather than as a single comparison. Volatility plugins such as "stalker", "profiler", "regcomp" and "hunter" are useful.
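The following is an added example, written for this page rather than taken from the project or from any of the Volatility plugins named above, showing the core of the technique: diff an artifact list extracted from a host snapshot (here, loaded kernel modules and the paths they were loaded from) against a known-good baseline, then repeat over a series of snapshots so that a deviation can be classified as persistent (still present in the latest snapshot) or transient (appeared and disappeared). The baseline, the module names and the paths are all constructed sample data; in practice the snapshot dictionaries would be populated from memory-forensics tool output.

```python
"""Compare host artifact snapshots against a known-good baseline and track
deviations over time.

Added example for this page, not project code or Volatility output. All
module names, paths and snapshot labels below are constructed.
"""
from collections import defaultdict

# Constructed known-good baseline: kernel module name -> image path.
BASELINE = {
    "ntoskrnl.exe": r"\SystemRoot\system32\ntoskrnl.exe",
    "hal.dll": r"\SystemRoot\system32\hal.dll",
    "tcpip.sys": r"\SystemRoot\system32\drivers\tcpip.sys",
    "ndis.sys": r"\SystemRoot\system32\drivers\ndis.sys",
}

# Constructed snapshots from one host on successive collections, time-ordered.
UNKNOWN_PATH = r"\??\C:\Users\Public\example_unknown.sys"
RELOCATED_NDIS = r"\??\C:\Windows\Temp\ndis.sys"
SNAPSHOTS = [
    # day1: identical to the baseline, nothing to report
    ("day1", dict(BASELINE)),
    # day2: a module not in the baseline appears from a user-writable directory
    ("day2", {**BASELINE, "example_unknown.sys": UNKNOWN_PATH}),
    # day3: the unknown module persists; ndis.sys now loads from a non-standard path
    ("day3", {**BASELINE, "example_unknown.sys": UNKNOWN_PATH, "ndis.sys": RELOCATED_NDIS}),
    # day4: the unknown module is gone again; the relocated ndis.sys remains
    ("day4", {**BASELINE, "ndis.sys": RELOCATED_NDIS}),
]


def diff_snapshot(baseline, snapshot):
    """Compare one snapshot (name -> path) against the baseline.

    Returns a dict with three sets of module names:
      added   - present in the snapshot but not in the baseline
      missing - present in the baseline but absent from the snapshot
      changed - present in both but loaded from a different path
    """
    added = set(snapshot) - set(baseline)
    missing = set(baseline) - set(snapshot)
    changed = {
        name
        for name in set(baseline) & set(snapshot)
        if baseline[name].lower() != snapshot[name].lower()
    }
    return {"added": added, "missing": missing, "changed": changed}


def track_deviations(baseline, snapshots):
    """Diff a time-ordered list of (label, snapshot) pairs against the baseline.

    Returns {module_name: {"kind": str, "dates": [labels], "status": str}}.
    "kind" is the most recent deviation type seen for that module.
    "status" is "persistent" when the module deviates in every snapshot from
    its first appearance through the latest one, and "transient" when it
    deviated for a while and then matched the baseline again.
    """
    labels = [label for label, _ in snapshots]
    history = defaultdict(list)  # name -> [(label, kind), ...]
    for label, snap in snapshots:
        result = diff_snapshot(baseline, snap)
        for kind in ("added", "missing", "changed"):
            for name in result[kind]:
                history[name].append((label, kind))

    report = {}
    for name, entries in history.items():
        seen = [label for label, _ in entries]
        first_idx = labels.index(seen[0])
        # If the module deviated in every snapshot since it first showed up,
        # it is still deviating in the latest collection.
        status = "persistent" if seen == labels[first_idx:] else "transient"
        report[name] = {"kind": entries[-1][1], "dates": seen, "status": status}
    return report


if __name__ == "__main__":
    for name, info in sorted(track_deviations(BASELINE, SNAPSHOTS).items()):
        print(f"{name:22} {info['kind']:8} {info['status']:10} seen on {', '.join(info['dates'])}")
```

Run stand-alone, the script reports the constructed unknown module as a transient addition (present on day2 and day3 only) and the relocated ndis.sys as a persistent path change from day3 onward. A single comparison on day4 would have shown only the latter, which is the point made above about tracking deviations over time rather than relying on one diff. Whether a persistent deviation is promoted into the baseline or escalated remains an analyst decision; the code only surfaces it.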

Analysis Techniques:

Description

Other Notes

More Info

  • Every Step You Take (video needed, if available)
  • "Several Ways to Skin a Rat", Jamie "Gleeda" Levy (Link needed)