Investigating Malware Using Memory Forensics - A Practical Approach

Offered By: Black Hat via YouTube

Tags

Black Hat Courses, Cybersecurity Courses, Digital Forensics Courses, Malware Analysis Courses, Process Injection Courses, Rootkits Courses, Memory Forensics Courses

Course Description

Overview

Dive into the practical world of memory forensics in this Black Hat conference talk. Learn how to detect, investigate, and understand malware capabilities through hands-on demonstrations. Explore various tricks and techniques employed by malicious software, including stealth and evasive capabilities. Follow along as the speaker covers memory acquisition, analysis of infected systems featuring KeyBase Malware and Darkcomet RAT, investigation of hollow process injection, and rootkit analysis including ZeroAccess and Necurs. Gain valuable insights into malware investigation techniques from an experienced information security investigator and author.

Syllabus

Investigating Malware Using Memory Forensics - A Practical Approach
Monnappa KA • Info Security Investigator - Cisco CSIRT • Author of the Book: Learning Malware Analysis • Member of Black Hat Review Board • Co-founder Cysinfo Security Community • Creator of Limon Sandbox • Winner of Volatility Plugin Contest 2016
Memory Acquisition - Dumping the memory of a target machine to disk
Memory Analysis of Infected System (KeyBase Malware)
Memory Analysis of Infected System (Darkcomet RAT)
Investigating Hollow Process Injection
Investigating Rootkits
Memory Analysis of ZeroAccess Rootkit
Example - Memory Analysis of Necurs Rootkit


Taught by

Black Hat
