Accession Number:
AD1004348
Title:
Memory Analysis of the KBeast Linux Rootkit: Investigating Publicly Available Linux Rootkit Using the Volatility Memory Analysis Framework
Descriptive Note:
Technical Report
Corporate Author:
Defence Research and Development Canada - Valcartier Quebec, Quebec Canada
Personal Author(s):
Report Date:
2015-06-01
Pagination or Media Count:
90
Abstract:
This report is the first in a series examining Volatility-based memory analysis techniques for Linux malware. With minimal use of scanner-based techniques, the author demonstrates what to look for when conducting Linux memory investigations with Volatility. The investigation analyses a memory image taken from a system infected by the KBeast rootkit. Through the proper application of various Volatility plugins, combined with in-depth knowledge of the Linux operating system, this case study can provide guidance to other investigators in their own Linux memory analyses.
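One concrete instance of "what to look for", added here as an illustration and not taken from the report: a small Python script that parses text output in the style of three Volatility 2 Linux plugins (linux_pslist, linux_psscan and linux_check_syscall) and flags two classic rootkit indicators, a process found by a pool scan but missing from the kernel's task list, and a syscall-table slot that Volatility could not resolve to a kernel symbol. The plugin output embedded below is constructed sample data; its column layout approximates the plugins' default text rendering, and the process names, PIDs and addresses are invented.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample output in the style of Volatility 2's Linux text tables.
# These are NOT captures from the report's KBeast image: the names, PIDs and
# addresses are invented, and the column layout is an assumption about the
# plugins' default text rendering.
PSLIST_OUTPUT = """\
Offset             Name                 Pid             PPid            Uid             Gid    DTB                Start Time
------------------ -------------------- --------------- --------------- --------------- ------ ------------------ ----------
0xffff88003c5b8000 init                 1               0               0               0      0x000000003c1c5000 2015-06-01 10:00:00 UTC+0000
0xffff88003c5b9f40 kthreadd             2               0               0               0      ------------------ 2015-06-01 10:00:00 UTC+0000
0xffff88003a2d6f40 sshd                 1190            1               0               0      0x0000000039c10000 2015-06-01 10:04:58 UTC+0000
0xffff88003a2d4f40 bash                 1203            1190            1000            1000   0x0000000039b7a000 2015-06-01 10:05:12 UTC+0000
"""

PSSCAN_OUTPUT = """\
Offset(Physical)   Name                 Pid             PPid            Uid             Gid    DTB                Start Time
------------------ -------------------- --------------- --------------- --------------- ------ ------------------ ----------
0x000000003c5b8000 init                 1               0               0               0      0x000000003c1c5000 2015-06-01 10:00:00 UTC+0000
0x000000003c5b9f40 kthreadd             2               0               0               0      ------------------ 2015-06-01 10:00:00 UTC+0000
0x000000003a2d6f40 sshd                 1190            1               0               0      0x0000000039c10000 2015-06-01 10:04:58 UTC+0000
0x000000003a2d4f40 bash                 1203            1190            1000            1000   0x0000000039b7a000 2015-06-01 10:05:12 UTC+0000
0x000000003a1f1f40 hidden_daemon        1337            1               0               0      0x0000000039a02000 2015-06-01 10:06:40 UTC+0000
"""

CHECK_SYSCALL_OUTPUT = """\
Table Name Index  Address            Symbol
---------- ------ ------------------ ------
64bit      0x0    0xffffffff81150a50 sys_read
64bit      0x1    0xffffffff81150b90 sys_write
64bit      0x2    0xffffffffa0011230 HOOKED
64bit      0x3    0xffffffff81150f30 sys_close
64bit      0xd9   0xffffffffa00114a0 HOOKED
"""

# A process row starts with a hex offset, then name, PID and PPID.
PROC_LINE = re.compile(r"^(0x[0-9a-f]+)\s+(\S+)\s+(\d+)\s+(\d+)\b")
# A syscall row: table name, hex index, hex handler address, symbol (or HOOKED).
SYSCALL_LINE = re.compile(r"^(\S+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(\S+)\s*$")


def parse_process_table(text: str) -> Dict[int, str]:
    """Map PID -> process name from linux_pslist / linux_psscan style output."""
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        m = PROC_LINE.match(line)
        if m:
            procs[int(m.group(3))] = m.group(2)
    return procs


def hidden_pids(pslist_text: str, psscan_text: str) -> List[Tuple[int, str]]:
    """Cross-view check: PIDs the pool scan finds that the task-list walk does not.

    A rootkit that unlinks a task_struct from the kernel's task list hides it
    from linux_pslist but not from a scan of physical memory. An exited
    process whose task_struct has not been reused shows up the same way, so
    every hit still needs confirmation with other plugins before it is
    called hidden.
    """
    listed = parse_process_table(pslist_text)
    scanned = parse_process_table(psscan_text)
    return sorted((pid, name) for pid, name in scanned.items() if pid not in listed)


def hooked_syscalls(check_syscall_text: str) -> List[Tuple[str, int, int]]:
    """Return (table, index, handler address) for syscall slots marked HOOKED.

    linux_check_syscall prints HOOKED in the Symbol column when a table slot
    does not point at a known kernel symbol, which is what syscall-table
    hooking by a loadable module produces.
    """
    hooked: List[Tuple[str, int, int]] = []
    for line in check_syscall_text.splitlines():
        m = SYSCALL_LINE.match(line)
        if m and m.group(4) == "HOOKED":
            hooked.append((m.group(1), int(m.group(2), 16), int(m.group(3), 16)))
    return hooked


if __name__ == "__main__":
    for pid, name in hidden_pids(PSLIST_OUTPUT, PSSCAN_OUTPUT):
        print(f"process absent from task list: pid={pid} name={name}")
    for table, idx, addr in hooked_syscalls(CHECK_SYSCALL_OUTPUT):
        print(f"hooked syscall slot: table={table} index={idx:#x} handler={addr:#x}")
```

In practice the two text blobs would come from `vol.py --profile=<Linux profile> -f <image> linux_pslist`, `linux_psscan` and `linux_check_syscall` respectively. The scan-versus-list difference is deliberately the only scanner-based step here; in keeping with the report's emphasis on list-walking plugins and operating-system knowledge, a PID that appears only in the scan should be treated as a lead to confirm (for example by checking whether its memory maps and open files are still intact), not as proof of hiding on its own.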