00000nam 2200000za 4500 9.821352 CaOODSP 20240219183447 cr ||||||||||| 160720s2013 onc|||||o f000 0 eng d CaOODSP eng eng fre n-cn--- D68-6/177-2013E-PDF Carbone, Richard. Malware memory analysis for non-specialists [electronic resource] : investigating publicly available memory image Ozapftis (R2D2) / by R. Carbone. [Ottawa] : Defence Research and Development Canada, c2013. x, 68 p. : tables, graphs. Technical Memorandum ; 2013-177 "October 2013." Includes bibliographical references. This technical memorandum examines how an investigator can analyse an infected Windows memory dump. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and anti-virus scanners. Volatility is a popular and evolving open source-based memory analysis framework upon which the author has proposed a memory-specific methodology for aiding fellow novice memory analysts. The author examines how Volatility can be used to find evidence and indicators of infection. This technical memorandum is the third in a series concerning Windows malware-based memory analysis. This current work examines the 0zapftis (R2D2) infected memory image. gccst Technical reports Anti-virus Computer forensics Defence R&D Canada. Technical memorandum (Defence R&D Canada) 2013-177 (CaOODSP)9.820564 PDF 777 KB https://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-6-177-2013-eng.pdf