Malware memory analysis for non-specialists : investigating a publicly available memory image of the Zeus Trojan Horse / R. Carbone. : D68-6/018-2013E-PDF
"This technical memorandum examines how an investigator can analyse a Windows-based computer memory dump infected with malware. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and antivirus scanners. Volatility is a popular and evolving open source-based memory analysis framework. The author has proposed a memory-specific methodology based on a simple investigative process to help fellow novice memory analysts. Once evidence or indicators of malware have been found, the author examines how Volatility can be used to undertake a given memory investigation. This technical memorandum is the first of a series of reports that will be written concerning Windows malware-based memory analysis using Volatility and various malware scanners. This specific work examines a memory image infected with the Zeus Trojan horse"--Abstract, i.
Lien permanent pour cette publication :
publications.gc.ca/pub?id=9.825282&sl=1
| Ministère/Organisme | Canada. Defence R&D Canada. |
|---|---|
| Titre | Malware memory analysis for non-specialists : investigating a publicly available memory image of the Zeus Trojan Horse / R. Carbone. |
| Titre de la série | Technical memorandum ; 2013-018 |
| Type de publication | Série - Voir l'enregistrement principal |
| Langue | [Anglais] |
| Format | Électronique |
| Document électronique | |
| Note(s) | "April 2013." Includes bibliographic references. Text in English, includes abstract and summary in French. |
| Information sur la publication | [Valcartier, Que.] : Defence R&D Canada, c2013. |
| Auteur / Contributeur | Carbone, Richard. |
| Description | xii, 66 p. |
| Numéro de catalogue |
|
| Descripteurs | Computer security Viruses |
Demander des formats alternatifs
Pour demander une publication dans un format alternatif, remplissez le formulaire électronique des publications du gouvernement du Canada. Utilisez le champ du formulaire «question ou commentaire» pour spécifier la publication demandée.- Date de modification :