Category: Dfir

Forensics, Python

Rekall, a framework for memory forensic

An end-to-end solution to incident responders and forensic analysts Rekall is a collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory samples. The extraction techniques are performed completely independent of the system being investigated but offer visibilty into the runtime state of the system. […]

Cybersecurity, Malware Analysis

Malware analysis, my own list of tools and resources

A constantly updated list — Last update: August 2, 2018 During my daily activities of analysis and research, often I discover new useful tools. I collected them in this list (periodically updated). Enjoy! Detection AnalyzePE — Wrapper for a variety of tools for reporting on Windows PE files. chkrootkit — Linux rootkit detector. Rootkit Hunter — Detect Linux rootkits. Detect-It-Easy — A program for determining types […]

Cybersecurity, Dfir

Pär Österberg Medina: Detecting Rootkits in Memory Dumps

A precious presentation by Pär Österberg Medina about dumping and analyzing a memory dump for detecting rootkits, discovered in the twitter feed of Binni Shah: Covered topics What is a rootkit? Dumping the memory How-to analyze a memory dump? Different rootkit techniques and how we detect it The presentation https://www.terena.org/activities/tf-csirt/meeting27/oesterberg-rootkits.pdf