Accession Number: AD1004194
Title: Malware Memory Analysis for Non-specialists: Investigating Publicly Available Memory Image 0zapftis (R2D2)
Descriptive Note: Technical Report
Corporate Author: Defence Research and Development Canada - Valcartier Quebec, Quebec Canada
Report Date: 2013-10-01
Pagination or Media Count: 84.0
Abstract: This technical memorandum examines how an investigator can analyse an infected Windows memory dump. The author investigates how to carry out such an analysis using Volatility and other investigative tools, including data carving utilities and anti-virus scanners. Volatility is a popular and evolving open-source memory analysis framework, on which the author has built a memory-specific methodology intended to aid fellow novice memory analysts. The author examines how Volatility can be used to find evidence and indicators of infection. This technical memorandum is the third in a series on memory analysis of Windows malware. The present work examines the 0zapftis (R2D2) infected memory image.
Distribution Statement: APPROVED FOR PUBLIC RELEASE