Memory Analysis (Whitepaper)

Advanced malware detection in the enterprise

Posted on 19 January 2017

Traditional malware detection and forensic investigation techniques typically focus on detecting malicious native executables on disk and performing disk forensics to uncover evidence of historical actions on a system.

 

In this paper, we will look at some of the memory resident techniques used by common malware families and how open-source memory analysis frameworks, such as Volatility, can be used to detect evidence of these techniques on compromised systems. Finally, we will look at how we have adopted similar ideas at Countercept, developing capabilities for performing targeted live memory analysis at scale. This enables us to detect unknown malware, making use of these techniques on isolated systems within large enterprise networks.

 

Download Memory Analysis - Advanced Threat Detection 5MB

pdf file format symbol2