“Acquiring a Memory Dump from Fleeting Malware”

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware

This is a Security Bloggers Network syndicated blog post authored by Adam Kramer. Read the original post at: SANS Digital Forensics and Incident Response Blog