Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deeper research never hurts!

Published byRandolf Lang Modified over 9 years ago

Similar presentations

Presentation on theme: "Deeper research never hurts!"— Presentation transcript:

1

2 @paulacqure @CQUREAcademy

3 Deeper research never hurts!

4

5 Check out the following links: Our tools: http://cqure.pl  Tools http://www.gentilkiwi.com/ - Benjamin Delpy http://code.google.com/p/volatility

6

7

8 Memory dumps contain personal information, but… how personal?

9 Memory Forensics grabs the data at the lowest level: (most) malware cannot hide!

10

11

12 Processes Threads Modules Handles Registry Apihooks Services UserAssist Shellbags ShimCache Event Logs Registry (again) Timeline

13

14

15

16

17

18 Memoryze: Live analysis

19

20

21

22

23

24

25

26

27

28

29

Download ppt "Deeper research never hurts!"

Similar presentations

Malware Artifacts.

Malware Artifacts.
Defense Against the Dark Arts Defense Against The Dark Arts Christiaan Beek IntelSecurity / McAfee Labs.

Defense Against the Dark Arts Defense Against The Dark Arts Christiaan Beek IntelSecurity / McAfee Labs.
Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.

Guide to Computer Forensics and Investigations1 Network Forensics Overview Network forensics –Systematic tracking of incoming and outgoing traffic To ascertain.
With great power…comes great responsibility

With great power…comes great responsibility
How to Detect a Memory Leak By Using System Performance Monitor in Windows 2000.

How to Detect a Memory Leak By Using System Performance Monitor in Windows 2000.
THE ART AND METHODOLOGY OF TROUBLESHOOTING Alexey Diomin,

THE ART AND METHODOLOGY OF TROUBLESHOOTING Alexey Diomin,
Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 13 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
9 th TexShare ILL Workshop ILL 101 Preconference Workshop OCLC Policies Directory and other OCLC ILL tips Tim Prather, Amigos Library Services.

9 th TexShare ILL Workshop ILL 101 Preconference Workshop OCLC Policies Directory and other OCLC ILL tips Tim Prather, Amigos Library Services.
G22.3250-001 Robert Grimm New York University Extensibility: SPIN and exokernels.

G Robert Grimm New York University Extensibility: SPIN and exokernels.
COMP205 Comparative Programming Languages Part 1: Introduction to programming languages Lecture 3: Managing and reducing complexity, program processing.

COMP205 Comparative Programming Languages Part 1: Introduction to programming languages Lecture 3: Managing and reducing complexity, program processing.
Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics.

Guide to Computer Forensics and Investigations Third Edition Chapter 11 Network Forensics.
2 Debugging Performance Issues, Memory Issues and Crashes in.net Applications Tess Ferrandez - Norlander Support Escalation Engineer Microsoft Session.

2 Debugging Performance Issues, Memory Issues and Crashes in.net Applications Tess Ferrandez - Norlander Support Escalation Engineer Microsoft Session.
Forensic Artifacts From A Pass The Hash (PtH) Attack

Forensic Artifacts From A Pass The Hash (PtH) Attack
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
Ch 6. Performance Rating Windows 7 adjusts itself to match the ability of the hardware –Aero Theme v. Windows Basic –Gaming features –TV recording –Video.

Ch 6. Performance Rating Windows 7 adjusts itself to match the ability of the hardware –Aero Theme v. Windows Basic –Gaming features –TV recording –Video.
Have your say We want to make sure postgraduate students have the best possible experience. To do that we need to know what you think, if we are doing.

Have your say We want to make sure postgraduate students have the best possible experience. To do that we need to know what you think, if we are doing.
5. Windows System Artifacts Part 1. Topics Deleted data Hibernation Files Registry.

5. Windows System Artifacts Part 1. Topics Deleted data Hibernation Files Registry.
Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:

Ether: Malware Analysis via Hardware Virtualization Extensions Author: Artem Dinaburg, Paul Royal, Monirul Sharif, Wenke Lee Presenter: Yi Yang Presenter:
Sept 2009 Web Services Team / ISAS / DMU What does this cover? 1. myDMU information portal 2.Blackboard a web learning system 3. e-mail DMU Google mail.

Sept 2009 Web Services Team / ISAS / DMU What does this cover? 1. myDMU information portal 2.Blackboard a web learning system 3. DMU Google mail.
Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 

Monnappa KA  Info Security Cisco  Member of SecurityXploded  Reverse Engineering, Malware Analysis, Memory Forensics 

Similar presentations

Ads by Google