Threat Level: green Handler on Duty: Jim Clausing

SANS ISC: Cool combination of tools - Internet Security | DShield SANS ISC InfoSec Forums


Cool combination of tools

I've mentioned here before that I'm a big fan of Volatility for analyzing memory images.  In fact, Volatility plays a big part in my upcoming paper on automating malware behavioral analysis (more on that soon).  I'm also a fan of Harlan Carvey's RegRipper, a set of Perl scripts for parsing the Windows registry.  A couple of weeks ago, Brendan Dolan-Gavitt mentioned in his blog that it would be cool to be able to use RegRipper on the in-memory copy of the registry.  Well, today, he posted a way of using RegRipper and Volatility together to do just that.  Very cool, check it out.


Jim

ISC Handler
