Play all

Intro

You are Freaking Awesome!

Memory Forensics IRL

Evidence in Memory

Rekall Memory Forensic Framework

Investigative Methodology: Use Case: Identifying Malware

Interactive Rekall Session

Profile Auto-detection

Session Caching

Process Enumeration pslist Using Volatility

Process Enumeration with Rekall Choose Your Poison Rekall's PSList Methods of Enumeration

Process Scanning with Rekall Output Options

Advantages of Baselining: "Know Normal, Find Evil."

MBR Persistence

Memory Analysis with Rekall Step 1: Identify Roque Processes

Know Normal (Windows Processes), Find Evil

Step 3: Network Connections

Signs of Code Injection

Detect Rootkit Behaviors

Memory Analysis with Rekall Step 6: Acquisition of Notable Findings

AFF4 Volume Format

Live Analysis with Rekall (1)

Live Analysis with Rekall (3) Acquisition

References

Description:

Explore memory forensics techniques and the Rekall Memory Forensic Framework in this 53-minute conference talk from BSides Augusta 2015. Learn about evidence in memory, investigative methodology for identifying malware, and interactive Rekall sessions. Discover process enumeration methods, advantages of baselining, and how to detect rootkit behaviors. Gain insights into live analysis techniques and the AFF4 volume format. Enhance your skills in digital forensics and malware detection through practical demonstrations and real-world use cases.

Building a Muscle Memory with Rekall Memory Forensic Framework

Add to list

#Conference Talks #Information Security (InfoSec) #Cybersecurity #Digital Forensics #Memory Forensics