An end-to-end solution for incident responders and forensic analysts Rekall is a collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory samples. The extraction techniques are performed completely independently of the system being investigated but offer visibility into the runtime state of the system. […]
A constantly updated list — Last update: August 2, 2018 During my daily activities of analysis and research, I often discover new useful tools. I collected them in this list (periodically updated). Enjoy! Detection AnalyzePE — Wrapper for a variety of tools for reporting on Windows PE files. chkrootkit — Linux rootkit detector. Rootkit Hunter — Detect Linux rootkits. Detect-It-Easy — A program for determining types […]
A valuable presentation by Pär Österberg Medina about dumping and analyzing a memory dump for detecting rootkits, discovered in the Twitter feed of Binni Shah: Covered topics What is a rootkit? Dumping the memory How to analyze a memory dump? Different rootkit techniques and how we detect them The presentation https://www.terena.org/activities/tf-csirt/meeting27/oesterberg-rootkits.pdf
Anyone who works in cybersecurity should read Practical Malware Analysis.