As antivirus and anti-malware tools have improved, attackers have become sneakier, and begun hiding malicious files when compromising a system. As defenders, it is important to know how to find this malware on an infected system in order to determine how an attacker infected your system, what tools they used, and what actions they accomplished.
In this hands-on course, we will discuss different memory analysis tools and techniques, and will walk you through the steps of identifying hidden malware on a system by dumping the memory and using the Volatility Framework to:
• Discover suspicious ports and processes
• Identify malware on the system
• Determine method of compromise
• Identify what actions the attacker has attempted on the system
In addition, we will discuss methods malware uses to hide from the operating system, memory forensics for mobile devices, and alternative forensic techniques for when a memory dump is not available. Join us for this exciting class!