Studying memory with the Volatility memory dump analyzer
Conclusions
The developers put a lot of hard work into the latest version of Volatility, and the new Linux commands expand the feature set substantially. Compared with the previous methods of memory assessment, which were restricted mostly to running the strings command over a dump, the new tools are a quantum leap, and version 2.3 will continue the trend with support for Android and iOS. The downside is that creating profiles is time-consuming, although that is not the fault of Volatility. Perhaps the distribution developers should consider taking on that task themselves.
Infos
- Results from Princeton University: https://citp.princeton.edu/research/memory/
- Volatility: http://code.google.com/p/volatility/
- From Volatools to Volatility: http://computer.forensikblog.de/en/2007/08/from-volatools-to-volatility.html
- LiME: http://code.google.com/p/lime-forensics/
- Memory Dumps: http://code.google.com/p/volatility/wiki/SampleMemoryImages
- Helix CD: http://www.e-fense.com/products.php
- LiME download: http://code.google.com/p/lime-forensics/downloads/list
- Fmem: http://hysteria.sk/~niekt0/fmem/
- Msramdump: http://www.mcgrewsecurity.com/tools/msramdmp/
- Volatility with plugins: http://code.google.com/p/volatility/wiki/FullInstallation
- Dwarf: http://dwarfstd.org
- An infected server for practice purposes: http://www.honeynet.org/challenges/2011_7_compromised_server
- Sleuth Kit: http://www.sleuthkit.org/