Fileless malware forensics
This weekend I’ve been watching videos about forensics to look for labs for my students of the Digital Forensic course. I would like to highlight one of them. It’s a fileless malware forensics talk that I will use for the training course. What’s really interesting in this talk is the fileless malware analysis, because this kind of malware doesn’t store any file in the operating system but is able to execute instructions through the command line while operating in memory. Therefore, it’s really difficult to acquire evidence to learn how the malware works.
(Image: How a Fileless Attack works)
Actually, there are three talks I would like to highlight. The first one is about acquisition in complex incidents. The second one is acquisition in the cloud, which is also really interesting because we can learn how to acquire digital evidence from AWS. The third one is about fileless malware forensics, which shows, step by step, how to analyse the Windows Prefetch folder, web history, event logs, memory, etc. from the memory acquisition and triage. It’s an interesting forensics talk for learning how to analyse fileless malware.
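As an added illustration (not code from the post or from the talks it recommends), the following Python triage check applies the point above to constructed records: it scans process-creation log records for an interpreter that was handed inline instructions with no script file on disk, then checks whether a Prefetch listing corroborates that the interpreter ran. The field names, the interpreter list, the switch patterns and every sample value are assumptions made for the example.

```python
import re
from typing import Dict, List

# Constructed sample records (not from the post), shaped like the fields that
# Windows Security event 4688 records when command-line auditing is enabled.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"pid": "4412", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" C:\Users\u\notes.txt'},
    {"pid": "5120", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoProfile -w hidden -enc BASE64PLACEHOLDER"},
    {"pid": "5304", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"pid": "6012", "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe //e:vbscript C:\Users\u\AppData\Local\Temp\run.vbs"},
]
# Constructed Prefetch directory listing (real files are named EXENAME-<8 hex>.pf;
# the hash parts here are placeholders).
SAMPLE_PREFETCH = ["NOTEPAD.EXE-00000001.pf", "POWERSHELL.EXE-00000002.pf",
                   "SVCHOST.EXE-00000003.pf"]

# Interpreters that will run instructions handed to them on the command line
# without any script file on disk, the execution pattern the post describes.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}
# Switches that carry inline code (PowerShell accepts unambiguous prefixes of
# -EncodedCommand and -Command; cmd.exe uses /c).
INLINE_SWITCH = re.compile(r"(?i)(?:^|\s)(?:-e(?:c|nc|ncodedcommand)?|-c(?:ommand)?|/c)\b")
# Arguments pointing at a script file, which leaves something to collect from disk.
SCRIPT_FILE = re.compile(r"(?i)-file\s+\S+|\S+\.(?:ps1|vbs|js|bat|cmd|hta)\b")


def flag_fileless_candidates(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return process-creation events where an interpreter received inline
    instructions and no script path: the only on-disk trace is the log line."""
    hits = []
    for ev in events:
        exe = ev["image"].rsplit("\\", 1)[-1].lower()
        if exe not in INTERPRETERS:
            continue
        if INLINE_SWITCH.search(ev["cmdline"]) and not SCRIPT_FILE.search(ev["cmdline"]):
            hits.append(ev)
    return hits


def correlate_with_prefetch(hits: List[Dict[str, str]], prefetch_listing: List[str]) -> Dict[str, bool]:
    """Map each flagged pid to whether Prefetch also shows that interpreter ran,
    so the two artifacts corroborate each other before memory is examined."""
    ran = {n.split("-", 1)[0].lower() for n in prefetch_listing if n.lower().endswith(".pf")}
    return {ev["pid"]: ev["image"].rsplit("\\", 1)[-1].lower() in ran for ev in hits}
```

On the constructed records only the encoded PowerShell launch is flagged, and its Prefetch entry confirms the interpreter executed even though no script file exists to collect.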
Keep learning and keep studying, my friends!!
Hi
Where can I get memory images for memory forensics? Can you please share the links of resources.