00000nam 2200000za 4500 9.825282 CaOODSP 20240219183455 cr ||||||||||| 161003s2013 quc |o f000 0 eng d CaOODSP eng eng fre n-cn--- D68-6/018-2013E-PDF Carbone, Richard. Malware memory analysis for non-specialists [electronic resource] : investigating a publicly available memory image of the Zeus Trojan Horse / R. Carbone. [Valcartier, Que.] : Defence R&D Canada, c2013. xii, 66 p. Technical memorandum ; 2013-018 "April 2013." Includes bibliographic references. "This technical memorandum examines how an investigator can analyse a Windows-based computer memory dump infected with malware. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and antivirus scanners. Volatility is a popular and evolving open source-based memory analysis framework. The author has proposed a memory-specific methodology based on a simple investigative process to help fellow novice memory analysts. Once evidence or indicators of malware have been found, the author examines how Volatility can be used to undertake a given memory investigation. This technical memorandum is the first of a series of reports that will be written concerning Windows malware-based memory analysis using Volatility and various malware scanners. This specific work examines a memory image infected with the Zeus Trojan horse"--Abstract, i. Text in English, includes abstract and summary in French. gccst Computer security gccst Viruses Defence R&D Canada. Technical memorandum (Defence R&D Canada) (CaOODSP)9.820564 PDF 788 KB https://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-6-018-2013-eng.pdf