Abstract
This chapter provides the reader with an introduction to memory analysis for malware detection using the open-source tool Volatility. Using Volatility, rather than treating a memory dump as one large blob of data, allows the examiner to carry out a more structured analysis. The chapter demonstrates how to use Volatility to find several key artifacts, including different ways of listing processes, finding network connections, and using the malfind plugin, which can detect suspicious instructions. When memory analysis is used as part of incident response, it usually comes down to finding signs of intrusion or malicious code: illegitimate behavior in the processes loaded into memory. The aim of the chapter is to show how to accomplish that by introducing the basic functionality of Volatility and Redline, so that the reader can continue to learn memory analysis on their own.
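One concrete check behind "different ways of listing processes" is the cross-view comparison: a walk of the kernel's linked list of active processes (Volatility's pslist) is compared with a scan for process structures anywhere in physical memory (psscan). An entry the scan finds but the list walk does not is either a process that has exited and not yet been overwritten, or one that has been unlinked from the list to hide it, which is what an examiner wants flagged. The script below is an added example, not code from the chapter or from the Volatility project: the two listings are constructed to resemble Volatility's tabular output, and the tab-separated column layout and column names are assumptions.

```python
"""Cross-view process check over constructed Volatility-style listings.

Added example, not taken from the chapter. The two blocks below are
constructed to resemble the output of a linked-list process walk (pslist)
and a pool scan for process structures (psscan). The tab-separated layout
and the column names are assumptions made for this example.
"""
from dataclasses import dataclass

# Constructed sample: what the linked-list walk (pslist) reports.
PSLIST_OUTPUT = """\
PID\tPPID\tImageFileName\tCreateTime\tExitTime
4\t0\tSystem\t2024-01-10 08:00:01\tN/A
412\t4\tsmss.exe\t2024-01-10 08:00:03\tN/A
620\t608\tcsrss.exe\t2024-01-10 08:00:05\tN/A
1340\t1188\texplorer.exe\t2024-01-10 08:01:10\tN/A
2204\t1340\tnotepad.exe\t2024-01-10 08:05:42\tN/A
"""

# Constructed sample: the pool scan (psscan) finds the same entries plus one
# still-running process that is absent from the linked list (suspicious) and
# one that has exited (ExitTime set, merely not yet overwritten in memory).
PSSCAN_OUTPUT = """\
PID\tPPID\tImageFileName\tCreateTime\tExitTime
4\t0\tSystem\t2024-01-10 08:00:01\tN/A
412\t4\tsmss.exe\t2024-01-10 08:00:03\tN/A
620\t608\tcsrss.exe\t2024-01-10 08:00:05\tN/A
1340\t1188\texplorer.exe\t2024-01-10 08:01:10\tN/A
2204\t1340\tnotepad.exe\t2024-01-10 08:05:42\tN/A
3116\t1340\tsvch0st.exe\t2024-01-10 08:07:15\tN/A
2876\t1340\tcalc.exe\t2024-01-10 08:03:00\t2024-01-10 08:04:30
"""


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str
    create_time: str
    exit_time: str


def parse_listing(text):
    """Parse a tab-separated listing with a header row into Proc records."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    procs = []
    for ln in lines[1:]:
        fields = dict(zip(header, ln.split("\t")))
        procs.append(Proc(int(fields["PID"]), int(fields["PPID"]),
                          fields["ImageFileName"], fields["CreateTime"],
                          fields["ExitTime"]))
    return procs


def cross_view(pslist, psscan):
    """Split psscan-only entries into (hidden, exited).

    hidden: present in the scan, absent from the list walk, no exit time.
            These are the candidates for an unlinked (hidden) process.
    exited: present in the scan, absent from the list walk, exit time set.
            Usually benign residue of terminated processes.
    """
    listed = {p.pid for p in pslist}
    scan_only = [p for p in psscan if p.pid not in listed]
    hidden = [p for p in scan_only if p.exit_time == "N/A"]
    exited = [p for p in scan_only if p.exit_time != "N/A"]
    return hidden, exited


def report(pslist_text=PSLIST_OUTPUT, psscan_text=PSSCAN_OUTPUT):
    """Run the comparison on the constructed samples and return the PIDs."""
    hidden, exited = cross_view(parse_listing(pslist_text),
                                parse_listing(psscan_text))
    for p in hidden:
        print(f"HIDDEN  pid={p.pid} ppid={p.ppid} {p.name} (not in pslist, still running)")
    for p in exited:
        print(f"exited  pid={p.pid} {p.name} exited {p.exit_time}")
    return [p.pid for p in hidden], [p.pid for p in exited]


if __name__ == "__main__":
    report()
```

On the constructed input the check flags PID 3116 (svch0st.exe) as hidden and classifies PID 2876 as exited residue. In practice the same comparison is extended with further views (for example thread or handle scans), because a single discrepancy can also come from a process that exited a moment before the dump was taken.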
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Kävrestad, J., Birath, M., Clarke, N. (2024). Malware Analysis. In: Fundamentals of Digital Forensics. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-031-53649-6_21
DOI: https://doi.org/10.1007/978-3-031-53649-6_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-53648-9
Online ISBN: 978-3-031-53649-6
eBook Packages: Computer Science (R0)