Linux Memory Analysis with Volatility- 101, Compromised Linux System
Science and Technology
Linux memory analysis is a well-known and well-researched topic. You're likely familiar with many tools that allow us to capture memory from a Windows system. But have you ever wondered about the memory capture process for a Linux system? And how can you analyze those captures using Volatility? Well, wait no longer, because that's exactly what we'll cover in this episode! I will show you the easiest process to perform a memory capture of a Linux system and how to prepare your Volatility tool to parse that memory dump and extract valuable information during a forensic investigation!
In today's episode I have tried to show you from scratch how you can analyze the memory of an infected Linux machine: what the basic steps and basic plugins are, how they differ from Windows, and how to pivot from one analysis to another.
👉Watch this episode- • Linux Memory Capture a... for creation of Linux Kernel profile for volatility.
Watch the playlists below as well, if you want to build your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉 • BlackPerl DFIR || INC...
DFIR Free Tools and Techniques 👉 • BlackPerl DFIR || DFIR...
Windows and Memory Forensics 👉 • BlackPerl DFIR || Wind...
Malware Analysis 👉 • BlackPerl DFIR || Malw...
SIEM Tutorial 👉 • BlackPerl DFIR || Lear...
Threat Hunt & Threat Intelligence 👉 • BlackPerl DFIR || Thre...
Threat Hunt with Jupyter Notebook👉 • Threat Hunt with Jupyt...
📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn: / blackperl
✔ You can reach out to me personally in LinkedIn as well- bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: github.com/archanchoudhury
✔ Insta: (blackperl_dfir) / blackperl_dfir
✔ Can be reached via support@blackperldfir.com
🙏Credit-
-------------------------------------------------------------------------------------------------------------------------
The sample memory image and this episode are influenced by the CTF prepared by 2phi and Nofix on the CyberDefenders platform. Huge shout-out to the team for preparing this challenge. You can practice and complete the challenge from here- cyberdefenders.org/blueteam-c...
The answers need to be obtained by yourself and none of them have been provided here in this episode!
Comments: 14
Thanks for making the video 👍
@BlackPerl
A year ago
Glad it is helpful
Love it Sir learning a lot from you my inspiration
@BlackPerl
A year ago
Thank you
Need more of these threat hunting via memory forensics.
@BlackPerl
A year ago
Thank you. Sure, will do more
@granvillaustine8327
A year ago
@@BlackPerl looking forward to network forensics too! Much love ❤️
Please continue your threat Intelligence series
@BlackPerl
A year ago
Yep. Will do
Your content is superb!!! 👍 You should also make a Hindi channel, because there are very few Hindi channels here which give such content.
@BlackPerl
A year ago
Thank you for your suggestion
Learnt much, tu
@BlackPerl
A year ago
Excellent