
Memory Forensics On Unix Systems | Unix Systems Memory Forensics Using Volatility

998 views
Oct 5, 2021
34:34

Memory forensics is an important part of a digital forensic investigation. Although acquiring memory on a Windows-based system is somewhat easier, all UNIX-based systems require kernel-specific drivers to do so. Watch as our Digital Forensics Expert explores different techniques to acquire memory on an Ubuntu system.

Here is a breakdown of the video for easy access:

00:00 - 00:55 Introduction
00:56 - 04:53 Memory Forensics [Introduction]
04:54 - 08:29 Tools to Acquire Memory on *UNIX Systems
08:30 - 10:17 Difficulties in Acquisition of Memory
10:18 - 12:47 Analyzing Memory Using Volatility
12:48 - 17:54 AVML - Acquire Volatile Memory for Linux
17:55 - 21:01 LinPMem
21:02 - 22:53 LiME
22:54 - 26:03 FMEM
26:04 - 33:52 Building Volatility Profiles
33:53 - 34:31 Conclusion

All commands executed in the video are shared in the Gist below.

Commands for Memory Acquisition on *UNIX: https://gist.github.com/SyeedHasan/033ba57608aa1f717f96674cd90e1d33
AVML: https://github.com/microsoft/avml
LinPMem: https://github.com/Velocidex/c-aff4/releases
FMEM: https://github.com/NateBrune/fmem
LiME: https://github.com/504ensicsLabs/LiME
Volatility: https://github.com/volatilityfoundation/volatility

DFIR Expert Profile: Syed Hasan has considerable experience with major SIEM solutions such as IBM's QRadar, Microsoft's Azure Sentinel, and AV's USM; EDR solutions such as VMware's Carbon Black and CrowdStrike Falcon; and cloud security solutions such as AWS GuardDuty. He is also part of an Incident Response team, with sufficient experience in host forensics and cloud forensics to respond to threats in a timely manner. As part of his forensics experience, he is well versed in malware analysis, with a continuing focus on reverse-engineering malware.

LinkedIn: https://www.linkedin.com/in/syedhasan009/

About GISPP
===========

This is an effort by GISPP (Global Information Security Society for Professionals of Pakistan). GISPP was initiated in 2016 by a group of Pakistani information security professionals living and working in Saudi Arabia. You can follow us on the social media links listed on our Channel Page.

#MemoryForensics #DigitalForensics #Volatility #GISPP #GisppAcademy #GisppTraining #Cybersecurity #Informationsecurity

