Inside Zone: Malware Forensics

In recent years, malware forensics has become increasingly important as cybercriminals attack retail, technology, and financial institutions.

Cybercrime harms governmental and private organizations alike, and malware is its main vehicle: it is frequently used to install Trojans, worms, and botnet agents on infected devices. Cybercriminals use many types of malware to infect users, steal credentials, and gain access to critical and valuable information.

The list of malware types focuses on the most common and general categories of infection, which include:

1-Ransomware
2-Rootkit
3-Backdoors
4-Keyloggers
5-Browser Hijacker
6-Worm
7-Trojan
8-Virus
9-Adware
10-Spyware

Memory forensics is the process of analyzing volatile data captured in a dump of a computer's memory. Information security professionals perform this analysis to identify attacks or malicious behaviors that are not readily detectable in data on the hard drive.

It also makes it possible to investigate sophisticated attacks that leave no trace on the hard drive at all.
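As an added illustration of what memory analysis recovers that disk analysis cannot (this example is not part of the original post and is not Threat Zone code), the script below carves printable ASCII and UTF-16LE strings from a constructed memory-dump fragment and runs a simple triage pass over them. The dump bytes, the indicator list and the placeholder URL are all constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed memory-dump fragment (not a real capture): zero padding, a
# UTF-16LE command line as Windows keeps it in process memory, and an ASCII
# artefact that would exist only in memory, e.g. after a payload unpacks itself.
SAMPLE_DUMP = (
    b"\x00" * 16
    + "powershell.exe -enc QUJD".encode("utf-16-le")
    + b"\x00\x00\x90\x90"
    + b"http://example.invalid/beacon\x00"   # placeholder URL, constructed
    + bytes(range(1, 20))                    # non-printable filler
)


@dataclass
class Hit:
    offset: int    # byte offset of the string inside the dump
    encoding: str  # "ascii" or "utf-16le"
    text: str


def carve_strings(dump: bytes, min_len: int = 6) -> list[Hit]:
    """Return printable ASCII and UTF-16LE runs of at least min_len characters, sorted by offset."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    # UTF-16LE text made of ASCII characters alternates a printable byte with 0x00.
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [Hit(m.start(), "ascii", m.group().decode("ascii")) for m in ascii_re.finditer(dump)]
    hits += [Hit(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in utf16_re.finditer(dump)]
    return sorted(hits, key=lambda h: h.offset)


# Constructed, illustrative substrings for a first triage pass over carved strings.
INDICATORS = {
    "encoded PowerShell command line": "-enc ",
    "URL present only in memory": "http://",
}


def triage(hits: list[Hit]) -> list[tuple[int, str]]:
    """Tag carved strings that contain one of the indicator substrings."""
    return [(h.offset, label) for h in hits for label, needle in INDICATORS.items() if needle in h.text]


if __name__ == "__main__":
    for h in carve_strings(SAMPLE_DUMP):
        print(f"0x{h.offset:08x} {h.encoding:8s} {h.text}")
    for offset, label in triage(carve_strings(SAMPLE_DUMP)):
        print(f"finding at 0x{offset:08x}: {label}")
```

On a real image the same carving is what tools such as Volatility and MemProcFS build on, but they additionally walk the kernel's process and module structures so each string can be attributed to a process.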

These tools and frameworks can help you conduct effective memory forensics and analysis:

MemProcFS from Threat Zone: Memory Process File System (MemProcFS) allows you to view physical memory as virtual files. A big shoutout to Ulf Frisk.

CSI from Threat Zone: Crime Scene Investigation is designed to provide you with tools and a test environment.

Volatility: an open-source memory forensics framework used for incident response and malware analysis.

Rekall: a memory forensics framework whose design allowed only limited modularization, owing to its interdependent in-memory structures and early architectural decisions.

DARKSURGEON: Windows packer project to empower incident response, digital forensics, malware analysis, and network defense.

ir-rescue: two sister scripts that collect a wide range of forensic data from 32-bit and 64-bit Windows systems (ir-rescue-win) and from Unix systems (ir-rescue-nix).

Malware developers continue to find ways to bypass forensics techniques. A variety of tools and techniques are available to overcome cybercriminals' anti-forensics measures.

Try Threat Zone now! 👉 https://threat.zone/

Thanks for reading.

Have a good one!

References:

Volatility Foundation (GitHub)
google/rekall: Rekall Memory Forensic Framework (GitHub)
cryps1s/DARKSURGEON: a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense (GitHub)
diogo-fernan/ir-rescue: a Windows Batch script and a Unix Bash script to comprehensively collect host forensic data during incident response (GitHub)