Analysis

write-ups for the Memory Analysis of various malwares

Volatility

I'll be using Volatility 2 for analysis because many plugins were written in python2. Alternatively, this can be done with Volatility 3 with the exemption of running a few plugins.

Installing Volatility

Volatility 2 GitHub repo:

GitHub - volatilityfoundation/volatility: An advanced memory forensics frameworkGitHub

$ git clone https://github.com/volatilityfoundation/volatility.git

Using Volatility

$ python2 [path-to-vol.py] -f [path-to-image] --profile=[profile] [plugin]

Command reference

Command ReferenceGitHub

Add plugins

Clone the plugin from their respective github repos.
Add the [plugin].py file into "volatility/plugins/" directory.

Additional info

I create separate folders for each of the memory images that I analyze.
Inside them, various folders are created to dump the output whenever required.

It is recommended to follow along the process and explore the process yourself.

PreviousLab 1 - Beginner's Luck NextStuxnet

Last updated 2 years ago

hashtagVolatility

hashtagInstalling Volatility

hashtagUsing Volatility

hashtagCommand reference

hashtagAdd plugins

hashtagAdditional info