


Cool combination of tools

I've mentioned here before that I'm a big fan of Volatility for analyzing memory images.  In fact, Volatility plays a big part in my upcoming paper on automating malware behavioral analysis (more on that soon).  I'm also a fan of Harlan Carvey's RegRipper, a set of Perl scripts for parsing the Windows registry.  A couple of weeks ago, Brendan Dolan-Gavitt mentioned in his blog that it would be cool to be able to use RegRipper on the in-memory copy of the registry.  Well, today, he posted a way of using RegRipper and Volatility together to do just that.  Very cool, check it out.


Jim

ISC Handler
