Tyler Halfpop: Turn on the Lights! - Case Studies of Malware in Memory
This session uses a case-study approach to demonstrate the wealth of information that can be recovered from memory to detect and understand malware, and so to improve incident response and digital forensics capabilities. Defenders who rely on traditional disk- and live-system-based methods face a recurring problem: malware often hides its presence and capabilities from exactly those techniques. Analyzing the memory of a system bypasses most of that camouflage and armor, because whatever the malware does must be resident in memory in order to execute. Evidence from malware case studies will show some of the capabilities of Volatility, a free, open-source memory forensics framework. My hope is that participants will leave with the skills to start, or improve, their use of memory forensics immediately.
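One concrete check that illustrates why memory analysis is hard to evade, given here as an added example rather than material from the talk: cross-referencing two views of the process list recovered from the same image. The script below parses constructed sample text that imitates the column layout of Volatility 3's windows.pslist (which walks the kernel's active-process linked list) and windows.psscan (which scans memory for process structures) and reports processes the scanner sees that the linked list does not. The plugin names, the column order and the offsets and process names in the samples are assumptions made for this example; in real use, confirm that both plugins report the same kind of offset before keying on it, and remember that a scan also recovers terminated processes, which the script deliberately does not flag as hidden.

```python
"""Cross-view comparison of process listings recovered from a memory image.

Added example, not code from the talk. The constructed samples imitate the column
layout of Volatility 3's windows.pslist and windows.psscan output. A process that the
scanner finds, that has not exited, and that is absent from the active-process list is
the classic signature of a process hidden by unlinking it from that list.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample (assumed layout):
# PID PPID ImageFileName Offset(V) Threads Handles SessionId Wow64 CreateTime ExitTime
PSLIST_SAMPLE = """\
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime
4\t0\tSystem\t0xe00010e3b040\t88\tN/A\tN/A\tFalse\t2023-01-05 09:12:01.000000 \tN/A
348\t4\tsmss.exe\t0xe000114b7800\t2\tN/A\tN/A\tFalse\t2023-01-05 09:12:02.000000 \tN/A
604\t500\twinlogon.exe\t0xe00011ab6080\t5\tN/A\t1\tFalse\t2023-01-05 09:12:05.000000 \tN/A
2368\t604\texplorer.exe\t0xe00012c4b080\t42\tN/A\t1\tFalse\t2023-01-05 09:12:20.000000 \tN/A
"""

# Same constructed layout; the scan additionally recovers one unlinked (hidden) process
# and one process that has already exited (ExitTime set), which must not be flagged.
PSSCAN_SAMPLE = PSLIST_SAMPLE + """\
1856\t2368\tsvch0st.exe\t0xe00013a91080\t3\tN/A\t1\tFalse\t2023-01-05 10:41:09.000000 \tN/A
3120\t2368\tnotepad.exe\t0xe00013b22080\t0\tN/A\t1\tFalse\t2023-01-05 09:30:00.000000 \t2023-01-05 09:45:12.000000
"""


@dataclass(frozen=True)
class ProcessEntry:
    pid: int
    ppid: int
    name: str
    offset: int
    create_time: str
    exit_time: str  # "N/A" while the process is still alive

    @property
    def terminated(self) -> bool:
        return self.exit_time != "N/A"


# A data row starts with PID, PPID, image name and a hex offset; everything else is "rest".
ROW_RE = re.compile(
    r"^\s*(?P<pid>\d+)\s+(?P<ppid>\d+)\s+(?P<name>\S+)\s+(?P<offset>0x[0-9a-fA-F]+)\s+(?P<rest>.*)$"
)
# Timestamps or N/A placeholders; the last two in a row are CreateTime and ExitTime.
TIME_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?|N/A")


def parse_process_table(text: str) -> dict[int, ProcessEntry]:
    """Parse plugin-style output into a map keyed by process structure offset.

    Header and blank lines do not match ROW_RE and are skipped.
    """
    entries: dict[int, ProcessEntry] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        # Handles/SessionId may also read N/A, so take the final two matches only.
        create_time, exit_time = (["N/A", "N/A"] + TIME_RE.findall(m["rest"]))[-2:]
        entry = ProcessEntry(
            pid=int(m["pid"]),
            ppid=int(m["ppid"]),
            name=m["name"],
            offset=int(m["offset"], 16),
            create_time=create_time,
            exit_time=exit_time,
        )
        entries[entry.offset] = entry
    return entries


def find_hidden_processes(pslist_text: str, psscan_text: str) -> list[ProcessEntry]:
    """Return live processes the scanner found that are missing from the active list."""
    listed = parse_process_table(pslist_text)
    scanned = parse_process_table(psscan_text)
    hidden = [p for off, p in scanned.items() if off not in listed and not p.terminated]
    return sorted(hidden, key=lambda p: p.pid)


if __name__ == "__main__":
    for p in find_hidden_processes(PSLIST_SAMPLE, PSSCAN_SAMPLE):
        print(f"HIDDEN  pid={p.pid} ppid={p.ppid} name={p.name} offset={p.offset:#x}")
    for p in parse_process_table(PSSCAN_SAMPLE).values():
        if p.terminated:
            print(f"exited  pid={p.pid} name={p.name} exit={p.exit_time}")
```

Keying on the structure offset rather than the PID matters because PIDs are reused; the exit-time filter matters because a scan legitimately recovers structures of processes that have finished, and reporting those as hidden is a common false positive in hand-rolled comparisons.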