Tradecraft Tuesday: Using Memory Forensics to Bring Your Investigations Back from the Dead

Memory Forensics is a required skill for digital analysts these days; it is also needed in order to keep up with advanced attackers. In addition to attackers avoiding disk, thousands of nodes and BYOD are increasing the complexity of investigations. The good news is that while attackers are getting more and more advanced, their code still has to be memory resident in order to run. Memory Forensics can help you recover malicious code that’s trying to ghost you. Here we will demonstrate the importance of including volatile memory in your investigations by covering some ghoulish attack methodologies that we’ve seen in the field. It also includes an overview of the most widely used memory forensics tool, Volatility, by one of its developers.

Register to join the thousands of others following our monthly deep dive on hacker tradecraft and other security news. Registering once gives you access to the monthly series.