Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.
Recently i’ve published this post focused on hunting malware using volatility and Yara rules.
Spoiler: shame on DumpIT!
Previously i’ve talked a lot about Volatility, and i’ve published also some articles about YARA. Today i’d like share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search the presence of a generic malware.