Baseliner

baseliner.py#

Power Up Memory Forensics with Memory BaselinerSANS Institute

https://github.com/csababarta/memory-baseliner

Uses a baseline image to check for malicious processes - Easy, quick wins

python3 /opt/memory-baseliner/baseline.py -proc -i rd01-memory.img  --loadbaseline --jsonbaseline /cases/memory/baseline/Win11x64_proc_baseline.json -o proc_baseline.csv
# convert to CSV 
sed -i 's/|/,/g' proc_baseline.csv

PreviousMemory Acquisition NextIdentifying Code injection

Last updated 1 year ago