In this episode, we'll look at the new way to dump process executables in Volatility 3. Along the way, we'll walk through a typical memory analysis scenario, providing a quick refresher on how to zero in on a potentially suspicious process.
*** If you enjoy this video, please consider supporting 13Cubed on Patreon at patreon.com/13cubed. ***
📖 Chapters
00:00 - Intro
01:21 - Scenario: Finding Evil Processes
06:08 - Dumping Process Executables
08:26 - Recap
🛠 Resources
Volatility 3 Beta:
https://github.com/volatilityfoundation/volatility3
#Forensics #DigitalForensics #DFIR #ComputerForensics #WindowsForensics