Memory Analysis of the KBeast Linux Rootkit: Investigating Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework
Defence Research and Development Canada - Valcartier Quebec, Quebec Canada
This report is the first in a series examining Volatility-based memory analysis techniques for Linux malware. With minimal use of scanner-based technologies, the author demonstrates what to look for while conducting Linux memory investigations using Volatility. The investigation analyses, with Volatility, a memory image infected by the KBeast rootkit. Through the proper application of various Volatility plugins combined with an in-depth knowledge of the Linux operating system, this case study can provide guidance to other investigators in their own Linux-based memory analyses.
APPROVED FOR PUBLIC RELEASE