HITB LAB: From Memory Artifacts to Executable Files: Malware Analysis in Memory Forensics

This 120-minute workshop will cover the malware analysis process applied to memory forensics and the current issues and open challenges faced during this process. Memory forensics is one of the steps in computer forensics, regarding to the analysis of digital evidences collected from the memory of the system under analysis after a computer incident. Memory forensics can be useful to retrieve encryption keys, fileless malware, or (some) packed samples. I will provide tips for plugin development in Volatility, the de facto tool for memory forensics, while showing how the process of memory acquisition and analysis is performed in a memory dump, ending with a suspicious executable file for malware analysis.

Please bring:

* A laptop
* Python2.7 environment
* Favorite source code editor

Key learnings / Take-aways:

* Plugin development in Volatility
* Methodology for malware analysis
* Issues and challenges of malware analysis in memory forensics

Location: Track 3 / HITB Labs Date: April 24, 2020 Time: 2:00 pm - 4:00 pm Ricardo J Rodriguez