Working on live forensics: facing an issue with Volatility for malware analysis

(@geeths)
Posts: 2
Active Member
Topic starter
 

Environment: Windows, VMware

Problem faced when performing analysis for live forensics:
- Analyzing a memory dump using Volatility 2.6

Command:
volatility.exe -f bendump.mem imageinfo

Result:
Volatility Foundation Volatility Framework 2.6
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with no profile)
AS Layer1 : FileAddressSpace (c:\Desktop\volatility_2.6_win64_standalone\volatility_2.6_win64_standalone\bendump.mem)
PAE type : No PAE

- How do I use Volatility to identify the malware running and the activities performed by the malware?
Malware: created with the Quasar RAT malware tool

Please help.

 
Posted : 24/07/2023 5:14 am
(@matthew-kellymaersk-com)
Posts: 2
New Member
 

A good place to go for assistance with Volatility is the GitHub site:

https://github.com/volatilityfoundation/volatility3

There is a link here for the Slack channel, where a lot of the developers and experienced users regularly post.

Sounds like the issue may be to do with the memory profile image. If you are using Volatility2 and have a very modern RAM dump OS file, then it may no longer support this. Vol2 has been superseded by Vol3. Many of the plugins for Vol2 haven't been updated to Vol3.

There is a malfind-type plugin for Vol3, I believe.

 
Posted : 25/07/2023 9:28 am
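The Vol3 route the reply points to, as an added worked example (this is not code from the thread, from either poster, or from the Volatility project): a Python script that runs windows.pslist, windows.cmdline, windows.netscan and windows.malfind through vol3's JSON renderer (`-r json`) and correlates the rows per PID, so a process that runs from a user-writable directory, holds an outbound connection and carries an injected PE in an RWX region (the footprint a commodity RAT client such as Quasar typically leaves: an executable dropped under the user's profile plus a C2 session) surfaces with all three reasons attached. The `vol` command name, the JSON column names and every sample row below are assumptions or constructed data; none of it is output from the poster's bendump.mem.

```python
"""Triage a Windows memory image with Volatility 3: correlate four plugins per PID.

Added example, not from the forum thread or the Volatility project. Assumes the
volatility3 CLI is on PATH as `vol` (vol.py / vol.exe on other installs) and that
vol3 can locate the Windows kernel in the image without a vol2-style profile.
Column names follow vol3's `-r json` output as the author knows them and are
treated as assumptions; the SAMPLE_* rows are constructed test data.
"""
import json
import subprocess
from collections import defaultdict

VOL = "vol"  # assumption: volatility3 entry point on PATH
# Where legitimate Windows service/application binaries live (lower-case prefixes).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def run_plugin(image, plugin):
    """Run one vol3 plugin with the JSON renderer and return its rows as dicts."""
    proc = subprocess.run([VOL, "-r", "json", "-f", image, plugin],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def flatten(rows):
    """Tree-shaped plugins (e.g. pstree) nest rows under '__children'; yield every row."""
    for row in rows:
        yield row
        yield from flatten(row.get("__children", []))


def as_int(value):
    """vol3 renders Hex columns as ints in JSON; accept hex strings as well."""
    return value if isinstance(value, int) else int(str(value), 16)


def triage(pslist, cmdline, netscan, malfind):
    """Return {pid: {"name": ..., "reasons": [...]}} for every PID that runs from
    outside TRUSTED_DIRS, holds an ESTABLISHED connection, or owns a malfind region
    (noting an MZ header at the region start, i.e. an injected PE)."""
    names = {r["PID"]: r["ImageFileName"] for r in flatten(pslist)}
    reasons = defaultdict(list)

    for r in flatten(cmdline):
        path = (r.get("Args") or "").strip().strip('"').lower()
        if path and not path.startswith(TRUSTED_DIRS):
            reasons[r["PID"]].append(f"runs from outside system dirs: {path}")

    for r in flatten(netscan):
        if r.get("State") == "ESTABLISHED":
            reasons[r["PID"]].append(
                f"{r['Proto']} {r['LocalAddr']}:{r['LocalPort']} -> "
                f"{r['ForeignAddr']}:{r['ForeignPort']} ({r.get('Owner') or '?'})")

    for r in flatten(malfind):
        note = f"{r['Protection']} region at {as_int(r['Start VPN']):#x}"
        if str(r.get("Hexdump", "")).lower().startswith("4d 5a"):
            note += ", begins with an MZ header (injected PE)"
        reasons[r["PID"]].append(note)

    findings = {}
    for pid, why in reasons.items():
        if pid not in names:  # seen by netscan/malfind but missing from the process list
            why.append("PID absent from pslist (hidden, unlinked or exited)")
        findings[pid] = {"name": names.get(pid, "?"), "reasons": why}
    return findings


def triage_image(image):
    """Live run against a dump: pull the four plugins and correlate them."""
    return triage(*(run_plugin(image, p) for p in (
        "windows.pslist", "windows.cmdline", "windows.netscan", "windows.malfind")))


# --- constructed sample rows, shaped like vol3 `-r json` output -----------------
SAMPLE_PSLIST = [
    {"PID": 4, "PPID": 0, "ImageFileName": "System"},
    {"PID": 1284, "PPID": 820, "ImageFileName": "svchost.exe"},
    {"PID": 2816, "PPID": 2540, "ImageFileName": "explorer.exe"},
    {"PID": 4312, "PPID": 2816, "ImageFileName": "Client.exe"},
]
SAMPLE_CMDLINE = [
    {"PID": 1284, "Process": "svchost.exe", "Args": "C:\\Windows\\System32\\svchost.exe -k netsvcs"},
    {"PID": 2816, "Process": "explorer.exe", "Args": "C:\\Windows\\Explorer.EXE"},
    {"PID": 4312, "Process": "Client.exe",
     "Args": "\"C:\\Users\\ben\\AppData\\Roaming\\SubDir\\Client.exe\""},
]
SAMPLE_NETSCAN = [
    {"Proto": "TCPv4", "LocalAddr": "0.0.0.0", "LocalPort": 135, "ForeignAddr": "0.0.0.0",
     "ForeignPort": 0, "State": "LISTENING", "PID": 1284, "Owner": "svchost.exe"},
    {"Proto": "TCPv4", "LocalAddr": "192.168.56.101", "LocalPort": 49812,
     "ForeignAddr": "203.0.113.45", "ForeignPort": 4782, "State": "ESTABLISHED",
     "PID": 4312, "Owner": "Client.exe"},
    {"Proto": "TCPv4", "LocalAddr": "192.168.56.101", "LocalPort": 49901,
     "ForeignAddr": "198.51.100.7", "ForeignPort": 443, "State": "ESTABLISHED",
     "PID": 5120, "Owner": ""},  # no such PID in pslist: worth a look on its own
]
SAMPLE_MALFIND = [
    {"PID": 4312, "Process": "Client.exe", "Start VPN": 0x2A70000, "End VPN": 0x2A7AFFF,
     "Tag": "VadS", "Protection": "PAGE_EXECUTE_READWRITE", "CommitCharge": 11,
     "PrivateMemory": 1,
     "Hexdump": "4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............."},
]

if __name__ == "__main__":
    for pid, f in sorted(triage(SAMPLE_PSLIST, SAMPLE_CMDLINE,
                                SAMPLE_NETSCAN, SAMPLE_MALFIND).items()):
        print(pid, f["name"])
        for why in f["reasons"]:
            print("   -", why)
```

Two practical notes for running it against a real dump: vol3 has no imageinfo step; `vol -f bendump.mem windows.info` is the equivalent sanity check, and vol3 identifies the kernel by its PDB GUID and fetches the matching symbol table from Microsoft's symbol server, so the first run needs network access (or a pre-populated symbols directory). Once a PID is flagged, `windows.dlllist`, `windows.handles` and `windows.dumpfiles --pid` on that PID, plus `windows.registry.printkey` on the Run keys, are the usual next steps for reconstructing what the process did.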