Blog Posts Tagged with "Memory"

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: Analyzing a Stuxnet Memory Dump

November 29, 2011 Added by:Dan Dieterle

Take a look at a memory dump from a system with Stuxnet - this code has execute and read write permissions. We could go on and find Stuxnet registry key settings, hidden Dll’s, file objects and numerous other artifacts in this memory sample all with using Volatility...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: Pull Process and Network Connections from a Memory Dump

November 23, 2011 Added by:Dan Dieterle

From the output of the command, we see the physical memory location, process name and the PID number of all processes that were running. This helps deduce if something was running that should not have been and allows you to view programs that may be running under the process...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: How to Pull Passwords from a Memory Dump

November 13, 2011 Added by:Dan Dieterle

We now have a list of where several key items are located in the memory dump. Next, we will extract the password hashes from the memory dump. To do this we need to know the starting memory locations for the system and same keys...

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Memory Forensics: How to Capture Memory for Analysis

November 10, 2011 Added by:Dan Dieterle

Analysts use memory dumps to analyze malicious software. Once you have the memory dump, you can perform some very interesting analysis on it, like viewing what processes and programs were running on the machine, and what network connections the system had. You can even pull passwords from them...

Comments  (2)

8c4834b99847b9f7c9ee94b45df086f9

The Next Generation of Non-Volatile Memory

October 12, 2011 Added by:Emmett Jorgensen

When will manufacturers stop using Flash as the primary storage? Consider that in 2002 many experts assumed that Flash cells would not be stable when scaled past 45nm and predicted that it would need to be replaced by 2010. We know now that those predictions proved to be false...

Comments  (4)