Analysis
write-ups for the Memory Analysis of various malwares
Last updated
I'll be using Volatility 2 for the analysis because many of the community plugins were written for Python 2. Alternatively, this can be done with Volatility 3, with the exception of a few plugins that cannot be run there.
Volatility 2 GitHub repo:
Clone each plugin from its respective GitHub repo.
Copy the [plugin].py file into the "volatility/plugins/" directory (or keep third-party plugins in a separate directory and pass it to vol.py with --plugins=<dir>, which leaves the upstream tree untouched).
I create a separate folder for each memory image that I analyze.
Inside it, further folders are created to hold dumped output whenever a plugin needs a dump directory (for example malfind -D or procdump -D).
It is recommended to follow along with the process and explore each image yourself.
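The plugin setup and per-image folder layout described above, written out as a small POSIX shell script. This is an added example of my own, not code from these write-ups. It assumes Volatility 2 is cloned under VOL2_HOME (contains vol.py), that third-party plugins live in a separate directory VOL2_PLUGINS handed to vol.py via --plugins, and that a Python 2 interpreter is available as PYTHON2; all three variable names are my own choice and can be overridden from the environment.

```shell
#!/bin/sh
# Added example: one case folder per memory image plus a thin wrapper
# around Volatility 2. VOL2_HOME, VOL2_PLUGINS and PYTHON2 are assumed
# names, not anything the write-ups define.
set -eu

VOL2_HOME="${VOL2_HOME:-${HOME:-$PWD}/tools/volatility}"
VOL2_PLUGINS="${VOL2_PLUGINS:-${HOME:-$PWD}/tools/vol2-plugins}"
PYTHON2="${PYTHON2:-python2}"

# Subfolders created inside every case folder: "out" keeps the text output
# of each plugin run, the others are -D/--dump-dir targets.
CASE_SUBDIRS="out procdump dlldump malfind dumpfiles"

# Hash the image so the write-up can cite exactly which file was analysed.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1"
    else
        shasum -a 256 "$1"
    fi
}

# setup_case CASE_DIR IMAGE
# Creates the folder layout for one image. The image itself is not copied;
# its path (and hash, if the file exists) is recorded in the case folder.
setup_case() {
    case_dir="$1"; image="$2"
    for d in $CASE_SUBDIRS; do
        mkdir -p "$case_dir/$d"
    done
    if [ -f "$image" ]; then
        hash_file "$image" > "$case_dir/image.sha256"
    fi
    printf '%s\n' "$image" > "$case_dir/image.path"
}

# case_is_ready CASE_DIR -> exit status 0 only if every subfolder exists
case_is_ready() {
    for d in $CASE_SUBDIRS; do
        [ -d "$1/$d" ] || return 1
    done
    return 0
}

# vol2 CASE_DIR PROFILE PLUGIN [plugin args...]
# Runs one Volatility 2 plugin against the case's image with the extra
# plugin directory loaded, and keeps a copy of stdout in out/<plugin>.txt.
# An empty PROFILE omits --profile (imageinfo/kdbgscan need none).
vol2() {
    case_dir="$1"; profile="$2"; plugin="$3"; shift 3
    image="$(cat "$case_dir/image.path")"
    if [ -n "$profile" ]; then
        "$PYTHON2" "$VOL2_HOME/vol.py" --plugins="$VOL2_PLUGINS" \
            -f "$image" --profile="$profile" "$plugin" "$@" \
            | tee "$case_dir/out/$plugin.txt"
    else
        "$PYTHON2" "$VOL2_HOME/vol.py" --plugins="$VOL2_PLUGINS" \
            -f "$image" "$plugin" "$@" \
            | tee "$case_dir/out/$plugin.txt"
    fi
}

# Usage: ./case.sh <case_dir> <image> [profile]
# Without a profile only imageinfo runs; with one, a first triage pass
# runs and malfind's injected sections are dumped into the case folder.
if [ $# -ge 2 ]; then
    setup_case "$1" "$2"
    if [ $# -ge 3 ]; then
        vol2 "$1" "$3" pslist
        vol2 "$1" "$3" psscan
        vol2 "$1" "$3" malfind -D "$1/malfind"
    else
        vol2 "$1" "" imageinfo
    fi
fi
```

Every plugin result ends up under out/ next to the dumps it produced, so a later write-up can be checked against the recorded image hash instead of being re-run from memory.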