Memory Forensics with Vshot and Remnux

Today we will talk about memory analysis with the help of the plugins run by the Vshot script. Samuel Alonso gives a list of plugins:

1. dlllist
2. getsids
3. svcscan
4. consoles
5. shimcache
6. userassist
7. cmdscan
8. connections
9. connscan
10. netscan

The author describes each of them in great detail in the post, giving examples. You could instead look at every process in memory and analyze its properties one by one, but that is time consuming. Some plugins are very useful for determining precisely what the attacker did on the machine, as well as their objectives. All the plugins used by Vshot are well chosen and give a good view for quickly investigating a threat.
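The batch-run pattern behind Vshot, as an added example that is not the Vshot script itself: each of the ten plugins listed above is run once against a single image and its output saved to its own file, so a plugin that does not apply to the profile (connections and connscan only exist for XP/2003, netscan only for Vista and later) is recorded as a failure instead of stopping the run. It assumes Volatility 2's vol.py on the PATH (override with the VOL variable) and a profile already identified with imageinfo or kdbgscan; the image path, profile and output directory are the function's arguments.

```shell
#!/bin/sh
# Added example (not the Vshot script): run a fixed set of Volatility 2
# plugins against one memory image, one output file per plugin.
# Assumes Volatility 2 is installed as vol.py; set VOL to use another path.

PLUGINS="dlllist getsids svcscan consoles shimcache userassist cmdscan connections connscan netscan"

# run_plugins IMAGE PROFILE OUTDIR
# Writes OUTDIR/<plugin>.txt for every plugin and keeps OUTDIR/<plugin>.err
# only for plugins that failed. The return value is the number of failed
# plugins, so one unsupported plugin does not abort the others.
run_plugins() {
    image="$1"; profile="$2"; outdir="$3"
    vol="${VOL:-vol.py}"                # executable to invoke (assumption)
    mkdir -p "$outdir" || return 1
    failed=0
    for plugin in $PLUGINS; do
        if "$vol" -f "$image" --profile="$profile" "$plugin" \
              >"$outdir/$plugin.txt" 2>"$outdir/$plugin.err"; then
            rm -f "$outdir/$plugin.err"   # nothing on stderr worth keeping
            printf 'ok   %s\n' "$plugin"
        else
            failed=$((failed + 1))
            printf 'FAIL %s (see %s)\n' "$plugin" "$outdir/$plugin.err"
        fi
    done
    return "$failed"
}

# Usage: ./vshot_like.sh mem.raw Win7SP1x64 ./out
if [ "$#" -eq 3 ]; then
    run_plugins "$1" "$2" "$3"
fi
```

Review the .err files afterwards: an "invalid profile"-style failure for connections on a Win7 image is expected, while a failure of pslist-class plugins usually means the profile itself is wrong.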
