by Volatility | Oct 16, 2012 | code injection, distorm, forensics, grrcon, malware, poison ivy, volatility, windows
This is an addendum to GrrCon Network Forensics Challenge with Volatility. In the initial post we covered the basics – the what, the when, and the how. We found strings in memory, such as the mutex name, the registry Run key, and the svchosts.exe file name; then...