
Malware Analysis

Chapter in: Fundamentals of Digital Forensics

Abstract

This chapter introduces the reader to memory analysis for malware detection using the open-source tool Volatility. Using Volatility, rather than treating a memory dump as one large blob of data, allows the examiner to carry out a more structured analysis. The chapter demonstrates how to use Volatility to find several key artifacts, including different ways of listing processes, finding network connections, and using the malfind module, which can detect suspicious instructions. When memory analysis is used as part of incident response, the work usually comes down to finding signs of intrusion or malicious code; it is therefore about finding illegitimate behavior in the processes loaded into memory. The aim of the chapter is to show how to accomplish this by presenting the basic functionality of Volatility and Redline, so that the reader can continue to learn memory analysis independently.


Notes

  1. https://www.virustotal.com/
  2. https://www.fireeye.com/services/freeware/redline.html


Copyright information

© 2020 Springer Nature Switzerland AG


Cite this chapter

Kävrestad, J. (2020). Malware Analysis. In: Fundamentals of Digital Forensics. Springer, Cham. https://doi.org/10.1007/978-3-030-38954-3_21

  • DOI: https://doi.org/10.1007/978-3-030-38954-3_21
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-38953-6
  • Online ISBN: 978-3-030-38954-3
  • eBook Packages: Computer Science (R0)