Overview
Explore memory forensics techniques and tools in this BSides Detroit 2017 conference talk. Dive into the world of digital investigation as Kyle demonstrates how to acquire and analyze computer memory using tools such as the SIFT Workstation and Volatility. Learn to identify suspicious processes, detect malware, and uncover user activity through memory artifacts. Discover practical examples of user data theft and malware hunting techniques, including analyzing malfind output, network connections, and browser history. Gain insights into powerful forensic commands and other valuable artifacts that can aid in cybersecurity investigations and incident response.
Syllabus
Intro
Meet Kyle
What is forensics
SIFT Workstation
Acquiring Memory
Capture Memory
Volatility
Memory Profile
View Processes
Malfind
CATs
Example
Netscan
Consoles
CREP
VirusTotal
Autorun
Browsing History
Commands
Other good artifacts
Admin Verse
Chrome Search Terms
Powershell