DID YOU KNOW? DTIC has over 3.5 million final reports on DoD funded research, development, test, and evaluation activities available to our registered users. Click
HERE to register or log in.
Accession Number:
AD1004348
Title:
Memory Analysis of the KBeast Linux Rootkit: Investigating Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework
Descriptive Note:
Technical Report
Corporate Author:
Defence Research and Development Canada - Valcartier Quebec, Quebec Canada
Report Date:
2015-06-01
Pagination or Media Count:
90.0
Abstract:
This report is the first in a series examining Linux Volatility-specific memory malware-based analysis techniques. With minimal use of scanner-based technologies, the author will demonstrate what to look for while conducting Linux-based memory investigations using Volatility. This investigation consists of a memory image infected by the KBeast rootkit that will be analysed using Volatility. Through the proper application of various Volatility plugins combined with an in-depth knowledge of the Linux operating system, this case study can provide guidance to other investigators in their own Linux-based memory analyses.
Distribution Statement:
APPROVED FOR PUBLIC RELEASE