
    Memory Forensics with Vshot and Remnux

    Today we look at memory analysis using the plugins run by the Vshot script. Samuel Alonso gives a list of the plugins:

     


    1. dlllist
    2. getsids
    3. svcscan
    4. consoles
    5. shimcache
    6. userassist
    7. cmdscan
    8. connections
    9. connscan
    10. netscan

     
    The author describes each of them in great detail in the post, giving examples. You could instead list all the processes in memory and analyze their properties one by one, but that is time-consuming. Some plugins can be very useful for determining the precise actions the attacker took on the machine, as well as the attacker's objectives. All the plugins used by Vshot are very well chosen and offer a good view for quickly investigating a threat.

     




    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.