I've mentioned here before that I'm a big fan of Volatility for analyzing memory images. In fact, Volatility plays a big part in my upcoming paper on automating malware behavioral analysis (more on that soon). I'm also a fan of Harlan Carvey's RegRipper, a set of Perl scripts for parsing the Windows registry. A couple of weeks ago, Brendan Dolan-Gavitt mentioned in his blog that it would be cool to be able to use RegRipper on the in-memory copy of the registry. Well, today he posted a way of using RegRipper and Volatility together to do just that. Very cool; check it out.
Jim, ISC Handler, Mar 1st 2009