
Art_of_memory_forensics_detecting_malware_and_t... < Latest · 2024 >

While traditional forensics focuses on "dead" disks, memory forensics captures the "living" state of a machine. It reveals:

Capturing a "snapshot" of the RAM. Because RAM is volatile, this must be done carefully to minimize the "observer effect": the act of running the capture tool itself changes the memory state.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

The process generally follows three major phases, popularized by experts like the authors of The Art of Memory Forensics:

Focuses on structures like the EPROCESS block and VAD (Virtual Address Descriptor) trees to find hidden code.

Requires understanding the Mach-O binary format and how the macOS kernel manages tasks and memory segments.

