Home Videos Windows Memory Analysis

Windows Memory Analysis


As a continuation of the “Introduction to Memory Forensics” video, Richard Davis will show you how to use Volatility to analyze a Windows memory image that contains malware. You’ll first start by using some of the more common plugins that were covered in the previous video, including pstree, pslist, and psscan. Also you’ll look for any processes that stand out as being odd, or potentially malicious. Then, you’ll move on to a more advanced plugin called malfind. As the name implies, malfind helps to locate malicious code within a memory image, including hidden or injected code or DLLs. Next, you’ll look at a similar plugin called hollowfind, which won first place in the 2016 Volatility Plugin Contest, and is designed to automate detection of various process hollowing techniques you may encounter. Lastly, you’ll use procdump to dump a couple of the identified malicious processes. You’ll then hash them, and submit those hashes to VirusTotal to verify the findings.

Load More Related Articles
Load More In Videos


  1. 1chaldea

    January 12, 2022 at 9:42 pm


  2. gay teen cam chat

    January 14, 2022 at 4:39 pm

    gay jerk off chat https://gaytgpost.com/

  3. gay web chat rooms

    January 14, 2022 at 9:46 pm

    gay chat aveneu https://gay-buddies.com/

  4. gay dating, caffmos

    January 15, 2022 at 9:14 pm

    gay stoner dating https://speedgaydate.com/