My first steps into Memory Forensics
" Memory Forensics is a practice useful in areas like incident response, malicious code analysis, network security, and threat intelligence gathering. Each function performed by an operating system or application results in specific modifications to the computer’s memory (RAM), which can often persist a long time after the action, essentially preserving them. Memory Forensics provides unprecedented visibility into the runtime state of the system, such as which processes were running, open connections, and recently executed commands. "

I've written this blog post to introduce some fundamental skills in Memory Forensics. Over the past year, I’ve explored various tools and techniques for hunting malware in memory dumps, gaining insights into memory virtualization and the critical relationship between an operating system and its hardware. As part of this article, I’ve included a hands-on tutorial on using the Volatility Framework to analyze Windows processes and detect pot...