Learn Cyber Security

FINDING ADVANCED MALWARE USING VOLATILITY Memory Forensics is the analysis of the memory image taken from the running computer. Memory forensics plays an important role in investigations and incident response. It can help in extracting forensics artifacts from a computer's memory like running process, network connections, loaded modules etc. It can also help in unpacking, Rootkit detection and reverse engineering. When an organization is a victim of advanced malware infection, a quick response action is required to identify the indicators associated with that malware to remediate, establish better security controls and to prevent future ones from occurring. In this article you will learn to detect advance malware infection in memory using a technique called "Memory Forensics" and you will also learn to use Memory Forensic Toolkits such as Volatility to detect advanced malware with a real case scenario. Steps in memory Forensics Below is the list of steps involved i...

PRACTICAL LIVE ANALYSIS AND AUDITING USING REDLINE IOC MODELS What is our challenge in a real case? Our discussion on Redline usage will be divided into two parts. In the first part, presented in this article, we will cover a basic introduction to Redline. In the second part, which will be published in a later issue, we will deal with the IOC Models call methodology. The diversity of malware infections today presents us with a variety of forensic tools to analyze malicious code. Considering classic advice given by Farmer and Venema (2005), whether the tools we use are open source or commercial tools, we must not only understand the usability of each tool but also understand how these tools collect the data to be analyzed by the forensic expert. Two issues emerge from that:       a) What is the quality of the data returned by these tools?       b) What impact do the tools have on the data? Starting from a very basic idea, we decided that every t...