Thursday, January 17, 2013

[Zeus] Registry Analysis Using Volatility Framework


How to analysis a registry from the memory using Volatility Framework.

In this video I’m using Zeus Memory for registry analysis, and l will show F-secure top10 malware registry launchpoints. Not all but some of them


Most trojans, worms, backdoors, and such make sure they will be run after a reboot by introducing autorun keys and values into the Windows registry. Some of these registry locations are better documented than others and some are more commonly used than others. One of the first steps to take when doing forensic analysis is to check the most obvious places in the registry for modifications.

No comments:

Post a Comment