000	02232cam  2200277za 4500
001	9.807433
003	CaOODSP
005	20221107140137
007	cr |||||||||||
008	150723s2014    onc     ob   f000 0 eng d
040	|aCaOODSP|beng
041	|aeng|bfre
043	|an-cn---
086	1 |aD68-2/176-2014E-PDF
100	1 |aCarbone, Richard.
245	10|aMalware memory analysis of the Jynx2 Linux rootkit |h[electronic resource] : |binvestigating a publicly available Linux rootkit using the Volatility memory analysis framework / |cR. Carbone.
260	|a[Ottawa] : |bDefence Research and Development Canada, |c2014.
300	|axiv, 92, [2] p.
490	1 |aScientific report ; |v2014-R176
500	|aOctober 2014.
504	|aIncludes bibliographical references.
520	|aThis report is the second in a series that will examine Linux Volatility-specific memory malware-based analysis techniques. Windows-based malware memory analysis techniques were analysed in a previous series. Unlike these Windows-based reports, some of the techniques described therein are not applicable to Linux-based analyses including data carving and anti-virus scanning. Thus, with minimal use of scanner-based technologies, the author will demonstrate what to look for while conducting Linux-specific Volatility-based investigations. Each investigation consists of an infected memory image and its accompanying Volatility memory profile that will be used to examine a different open source rootkit. Some of the rootkits are user-land while others are kernel-based. Rootkits were chosen over Trojans, worms and viruses as rootkits tend to be more sophisticated. This specific investigation examines the Jynx2 rootkit. It is hoped that through the proper application of various Volatility plugins combined with an in-depth knowledge of the Linux operating system, these case studies will provide guidance to other investigators in their own analyses.
692	07|2gccst|aComputer security
710	1 |aCanada. |bDefence R&D Canada.
830	#0|aScientific report (Defence R&D Canada)|v2014-R176|w(CaOODSP)9.802305
856	40|qPDF|s600 KB|uhttps://publications.gc.ca/collections/collection_2015/rddc-drdc/D68-2-176-2014-eng.pdf