Baseliner
baseliner.py
https://github.com/csababarta/memory-baseliner
Compares the process list of a suspect memory image against a known-good baseline (here a saved JSON baseline for Win11 x64) and reports what is not in it. Easy, quick wins. Two caveats: the baseline must come from the same OS version/build as the suspect image, and "not in the baseline" means new, not malicious, so legitimately installed software will show up as well and still has to be triaged.
python3 /opt/memory-baseliner/baseline.py -proc -i rd01-memory.img --loadbaseline --jsonbaseline /cases/memory/baseline/Win11x64_proc_baseline.json -o proc_baseline.csv
# output is pipe-delimited; convert to CSV (naive: any field that itself contains a comma, e.g. a command line, will split into extra columns)
sed -i 's/|/,/g' proc_baseline.csv
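The sed one-liner is fine until a command line contains a comma. The following is an added example, not part of this page or of memory-baseliner: it converts pipe-delimited rows to properly quoted CSV with Python's csv module and shows, side by side, where the plain `|` to `,` substitution misaligns columns. The sample rows and their column names (pid, ppid, name, cmdline, known) are constructed for the example and are not the tool's real output format.

```python
import csv
import io

# Constructed sample of pipe-delimited output (hypothetical column names;
# NOT the real memory-baseliner format). The last row's command line
# contains a comma, which is the case the sed one-liner gets wrong.
SAMPLE_PIPE_OUTPUT = """\
pid|ppid|name|cmdline|known
4|0|System||True
712|4|smss.exe|\\SystemRoot\\System32\\smss.exe|True
5208|4712|agent.exe|C:\\Program Files\\Vendor\\agent.exe --servers 10.0.0.1,10.0.0.2|False
"""


def sed_style_convert(text: str) -> str:
    """Mimic `sed 's/|/,/g'`: replace every pipe with a comma, no quoting."""
    return text.replace("|", ",")


def pipe_to_csv(text: str) -> str:
    """Convert pipe-delimited rows to RFC 4180 CSV.

    csv.writer quotes any field containing a comma, double quote or
    newline, so a command line with commas stays in a single column.
    """
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for line in text.splitlines():
        if not line.strip():
            continue  # skip blank lines
        writer.writerow(line.split("|"))
    return out.getvalue()


def column_counts(csv_text: str) -> list[int]:
    """Number of columns a CSV parser sees in each row (header first)."""
    return [len(row) for row in csv.reader(io.StringIO(csv_text))]


def unknown_rows(csv_text: str, known_col: str = "known") -> list[dict]:
    """Rows flagged as not present in the baseline (known == False)."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row[known_col].strip().lower() == "false"]


if __name__ == "__main__":
    naive = sed_style_convert(SAMPLE_PIPE_OUTPUT)
    proper = pipe_to_csv(SAMPLE_PIPE_OUTPUT)
    print("sed-style column counts:", column_counts(naive))   # last row has 6
    print("csv-module column counts:", column_counts(proper))  # all rows have 5
    for row in unknown_rows(proper):
        print("not in baseline:", row["pid"], row["name"], row["cmdline"])
```

Feed it the raw pipe-delimited file instead of running sed when command lines or paths may contain commas; the sed approach is only safe when no field does.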