000	02052cam  2200301za 4500
001	9.825282
003	CaOODSP
005	20221107144323
007	cr |||||||||||
008	161003s2013    quc    |o    f000 0 eng d
040	|aCaOODSP|beng
041	|aeng|bfre
043	|an-cn---
086	1 |aD68-6/018-2013E-PDF
100	1 |aCarbone, Richard.
245	10|aMalware memory analysis for non-specialists |h[electronic resource] : |binvestigating a publicly available memory image of the Zeus Trojan Horse / |cR. Carbone.
260	|a[Valcartier, Que.] : |bDefence R&D Canada, |cc2013.
300	|axii, 66 p.
490	1 |aTechnical memorandum ; |v2013-018
500	|a"April 2013."
504	|aIncludes bibliographic references.
520	3 |a"This technical memorandum examines how an investigator can analyse a Windows-based computer memory dump infected with malware. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and antivirus scanners. Volatility is a popular and evolving open source-based memory analysis framework. The author has proposed a memory-specific methodology based on a simple investigative process to help fellow novice memory analysts. Once evidence or indicators of malware have been found, the author examines how Volatility can be used to undertake a given memory investigation. This technical memorandum is the first of a series of reports that will be written concerning Windows malware-based memory analysis using Volatility and various malware scanners. This specific work examines a memory image infected with the Zeus Trojan horse"--Abstract, i.
546	|aText in English, includes abstract and summary in French.
692	07|2gccst|aComputer security
692	07|2gccst|aViruses
710	1 |aCanada. |bDefence R&D Canada.
830	#0|aTechnical memorandum (Defence R&D Canada)|w(CaOODSP)9.820564
856	40|qPDF|s788 KB|uhttps://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-6-018-2013-eng.pdf