Wednesday, November 02, 2011

Using Volatility: Suspicious Process

Wow guys, this video took a long time to finally make. As you can see I actually have two videos because the first one cut out on me. This was the 2nd take and man was it annoying to see I accidentally hit the 'PAUSE' button but kept cheerily talking to myself (I do this a lot anyways so it was par for the course). Never mind, here are both videos (the first one should be first).

Like I state in the videos, this is a learning process for me as well so please offer any suggestions/comments. This was a pretty good analysis of a lot of the functionality in Volatility, and probably a bit overkill for what we were up against, but I just wanted to highlight how powerful and extremely useful memory dumps can really be.

Fun Things I Mentioned in the Videos:

HKLM\Enum Registry Keys Information
Fun Command-Line Kung-Fu to find Meterpreter
VirusTotal: upload possibly malicious file/MD5 to determine what the AV guys think
Timeline Analysis: from the SANS website
Timerliner Plugin (and more!) for Volatility: from Gleeda
One of Harlan Carvey's (many) blogs about Timeline Analysis
An article about Sessions, Desktops, and WindowStations...oh my!

Additional Links for Memory Forensics:
