PaulDotCom mailing list archives
Week 2 of the Month of Volatility Plugins is now posted
From: Andrew Case <atcuno () gmail com>
Date: Fri, 21 Sep 2012 10:04:03 -0500
Hello All,

I was writing to announce that week 2 of the month of Volatility plugins is finished, and we now have five more in-depth blog posts covering Windows and Linux internals and rootkit detection.

Post 1: Atoms (The New Mutex), Classes and DLL Injection
This Windows focused post covers investigating malware and understanding infections by analyzing the atom tables.
http://volatility-labs.blogspot.com/2012/09/movp-21-atoms-new-mutex-classes-and-dll.html

Post 2: Malware in your Windows
This Windows focused post covers enumerating and analyzing windows in the GUI subsystem.
http://volatility-labs.blogspot.com/2012/09/movp-22-malware-in-your-windows.html

Post 3: Event logs and Service SIDs
This Windows focused post demonstrates recovering event logs from memory and calculating service SIDs.
http://volatility-labs.blogspot.com/2012/09/movp-23-event-logs-and-service-sids.html

Post 4: Analyzing the Jynx rootkit and LD_PRELOAD
This Linux focused post covers analyzing the Jynx rootkit as well as generic methods for analyzing LD_PRELOAD based rootkits.
http://volatility-labs.blogspot.com/2012/09/movp-24-analyzing-jynx-rootkit-and.html

Post 5: Investigating In-Memory Network Data with Volatility
This Linux focused post goes through each of the Linux Volatility plugins related to recovering network data from memory, such as network connections, packets, and the routing cache.
http://volatility-labs.blogspot.com/2012/09/movp-25-investigating-in-memory-network.html

If you have any questions or comments on the posts, either leave a comment on the respective post or be brave and reply to the list ;)

We will continue our daily blog posts, Monday through Friday, for the next two weeks, so check back often if you have enjoyed these.

Thanks,
Andrew

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
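Post 3 mentions calculating service SIDs. As an added example that is not part of the announcement above or of the Volatility project's own code, the following Python implements the documented derivation of a Windows service SID (S-1-5-80 followed by the SHA-1 of the upper-cased service name in UTF-16LE, split into five 32-bit little-endian sub-authorities) and a small reverse lookup for mapping a SID recovered from an event log or memory artifact back to a candidate service name. The service names used in the test are constructed inputs, not values from the page.

```python
import hashlib
import struct

# Well-known prefix for Windows service SIDs (NT SERVICE\<name>).
SERVICE_SID_PREFIX = "S-1-5-80"


def service_sid(service_name: str) -> str:
    """Derive the service SID for a Windows service name.

    The SID is deterministic: SHA-1 over the upper-cased name encoded as
    UTF-16LE, with the 20-byte digest read as five little-endian uint32
    sub-authorities appended to S-1-5-80.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    sub_authorities = struct.unpack("<5I", digest)
    return SERVICE_SID_PREFIX + "-" + "-".join(str(s) for s in sub_authorities)


def is_service_sid(sid: str) -> bool:
    """Return True if the string has the shape of a service SID.

    Shape check only: the hash cannot be validated without knowing the name.
    """
    parts = sid.split("-")
    if len(parts) != 9 or "-".join(parts[:4]) != SERVICE_SID_PREFIX:
        return False
    return all(p.isdigit() and int(p) < 2 ** 32 for p in parts[4:])


def identify_service(sid: str, candidate_names):
    """Map a service SID back to a name by comparing against candidates.

    The derivation is one-way, so recovery is a dictionary match against the
    services known to exist on the image (e.g. names pulled from the
    registry or the SCM in memory); returns None when nothing matches.
    """
    for name in candidate_names:
        if service_sid(name) == sid:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample: a few common service names, not data from the page.
    known = ["Spooler", "W32Time", "Dnscache"]
    unknown_sid = service_sid("W32Time")
    print(unknown_sid, "->", identify_service(unknown_sid, known))
```

Because the name is upper-cased before hashing, `service_sid("spooler")` and `service_sid("SPOOLER")` yield the same SID, which is why a lookup table built from registry service names matches regardless of how the name was logged.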