|
000
| 01880nam 2200313za 4500 |
|---|
| 001 | 9.821332 |
|---|
| 003 | CaOODSP |
|---|
| 005 | 20240219183446 |
|---|
| 007 | cr ||||||||||| |
|---|
| 008 | 160719s2013 onc|||||o f000 0 eng d |
|---|
| 040 | |aCaOODSP|beng |
|---|
| 041 | |aeng|bfre |
|---|
| 043 | |an-cn--- |
|---|
| 086 | 1 |aD68-6/155-2013E-PDF |
|---|
| 100 | 1 |aCarbone, Richard. |
|---|
| 245 | 10|aMalware memory analysis for non-specialists |h[electronic resource] : |binvestigating publicly available memory images for Prolaco and SpyEye / |cby R. Carbone. |
|---|
| 260 | |a[Ottawa] : |bDefence Research and Development Canada, |cc2013. |
|---|
| 300 | |axiv, 102 p. : |btables, graphs. |
|---|
| 490 | 1 |aTechnical Memorandum ; |v2013-155 |
|---|
| 500 | |a"October 2013." |
|---|
| 504 | |aIncludes bibliographical references. |
|---|
| 520 | |aThis technical memorandum examines how an investigator can analyse an infected Windows memory dump. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and anti-virus scanners. Volatility is a popular and evolving open source-based memory analysis framework upon which the author has proposed a memory-specific methodology for aiding fellow novice memory analysts. The author examines how Volatility can be used to find evidence and indicators of infection. This technical memorandum is the second in a series concerning Windows malware-based memory analysis. This current work examines two memory images infected with Prolaco and SpyEye, respectively. |
|---|
| 692 | 07|2gccst|aTechnical reports |
|---|
| 693 | 07|aAntivirus |
|---|
| 693 | 07|aMalware |
|---|
| 693 | 07|aVirus scanner |
|---|
| 710 | 2 |aDefence R&D Canada. |
|---|
| 830 | #0|aTechnical memorandum (Defence R&D Canada)|v2013-155|w(CaOODSP)9.820564 |
|---|
| 856 | 40|qPDF|s1.017 KB|uhttps://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-6-155-2013-eng.pdf |
|---|