|
I've mentioned here before that I'm a big fan of Volatility for analyzing memory images. In fact, Volatility plays a big part in my upcoming paper on automating malware behavioral analysis (more on that soon). I'm also a fan of Harlan Carvey's RegRipper, a set of Perl scripts for parsing the Windows registry. A couple of weeks ago, Brendan Dolan-Gavitt mentioned in his blog that it would be cool to be able to use RegRipper on the in-memory copy of the registry. Well, today, he posted a way of using RegRipper and Volatility together to do just that. Very cool, check it out. I will be teaching next: Malware Reverse-Engineering Challenge - SANS Bethesda 2020 |
Jim 412 Posts ISC Handler |
| Subscribe |
Mar 1st 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!
