Memory Analysis

Understanding Memory:

Memory forensics methodology:

  1. Identify rogue processes

  2. Analyze process objects

  3. Review network artifacts

  4. Look for evidence of code injection

  5. Audit drivers and check for rootkits

  6. Dump suspicious processes and drivers
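
Step 1 usually starts by comparing the process listing recovered from the image against what a clean system looks like. The following is an added example, not part of the original notes: the baseline values reflect common Windows behaviour and are assumptions, the process listing is constructed, and find_rogue is a hypothetical helper name.

```python
from collections import Counter
from difflib import SequenceMatcher
# Assumed baseline (common Windows behaviour, not taken from the page):
# name -> (expected parent, expected image path, single instance only?)
BASELINE = {
    "services.exe": ("wininit.exe", r"c:\windows\system32\services.exe", True),
    "lsass.exe": ("wininit.exe", r"c:\windows\system32\lsass.exe", True),
    "svchost.exe": ("services.exe", r"c:\windows\system32\svchost.exe", False),
}
SYS32 = "C:\\Windows\\System32\\"
# Constructed process listing: (pid, ppid, name, image path)
SAMPLE = [
    (500, 400, "wininit.exe", SYS32 + "wininit.exe"),
    (620, 500, "services.exe", SYS32 + "services.exe"),
    (640, 500, "lsass.exe", SYS32 + "lsass.exe"),
    (900, 620, "svchost.exe", SYS32 + "svchost.exe"),
    (2200, 2100, "explorer.exe", "C:\\Windows\\explorer.exe"),
    (3100, 2200, "svchost.exe", "C:\\Users\\Public\\svchost.exe"),
    (3300, 2200, "scvhost.exe", SYS32 + "scvhost.exe"),
    (3400, 2200, "lsass.exe", "C:\\Windows\\Temp\\lsass.exe"),
]

def find_rogue(procs):
    """Return {pid: [reasons]} for processes that deviate from BASELINE."""
    names = {pid: name.lower() for pid, _, name, _ in procs}
    counts = Counter(names.values())
    findings = {}
    for pid, ppid, name, path in procs:
        name, reasons = name.lower(), []
        if name in BASELINE:
            parent, image, single = BASELINE[name]
            actual = names.get(ppid, "<not in listing>")
            if actual != parent:
                reasons.append(f"parent is {actual}, expected {parent}")
            if path.lower() != image:
                reasons.append(f"image path is {path}")
            if single and counts[name] > 1:
                reasons.append(f"{counts[name]} instances, expected 1")
        else:
            # Near-miss spellings of a core process name (e.g. swapped letters).
            for known in BASELINE:
                if SequenceMatcher(None, name, known).ratio() >= 0.85:
                    reasons.append(f"name resembles {known}")
        if reasons:
            findings[pid] = reasons
    return findings

if __name__ == "__main__":
    print(find_rogue(SAMPLE))
```

A parent that is absent from the listing may simply have exited, so each finding is a lead to follow up in steps 2 to 6 rather than a verdict.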
