MOVP II – 4.1 – Leveraging Process Cross-View Analysis for Mac Rootkit Detection
by Volatility | Jun 5, 2013 | macosx, malware, movp, volatility
In our final week of Month of Volatility Plugins II we will analyze the wide range of memory forensics capabilities against Mac OS X systems that are included in the latest release of Volatility (version 2.3). These capabilities span 38 different builds including 32-...

MoVP II – 3.5 – Utilizing the kmem_cache for Android Memory Forensics
by Volatility | Jun 4, 2013 | android, forensics, kernel, linux, malware, movp, volatility
This post will discuss utilizing plugins that leverage the kmem_cache in order to perform deep memory forensics of Android devices. In previous Linux posts, we have briefly mentioned these plugins, but a full walk through has not been done. Also, as we will see, these...

MoVP II – 3.4 – Checking the ARM (Android) System Call Table and Exception Vector Table for Signs of Rootkits
by Volatility | Jun 3, 2013 | android, forensics, malware, movp, volatility
In this post we are going to discuss two Volatility plugins that are specific to the ARM platform. Both of these plugins were contributed by Joe Sylve. linux_check_syscall_arm The first, linux_check_syscall_arm, enumerates each entry of the system call table to see if...