Practical Memory Forensics by Svetlana Ostrovskaya and Oleg Skulkin

Author: Svetlana Ostrovskaya and Oleg Skulkin
Language: eng
Format: epub
Publisher: Packt Publishing Pvt Ltd
Published: 2022-02-08T00:00:00+00:00


Figure 5.48 – System.evtx

In Figure 5.48, you can see an example of a malicious service. Note that the executable file is located in the user's temporary folder.

Another way to analyze services is to use special Volatility plugins. For example, you can use the svcscan plugin to get information about the running services, service names, types, states, binary paths, and more, as shown in Figure 5.49:

Figure 5.49 – The svcscan output
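As an added example, not code from the book or from the Volatility project, the Python below turns the service inventory that svcscan produces into the check the text points at: a service whose binary lives in a user's temporary folder deserves a closer look. The input is a constructed sample laid out like the blank-line-separated `Key: Value` record blocks Volatility 2's svcscan prints; the offsets, service names, PIDs and paths in it are invented. As an extension beyond the text, it also flags well-known host binaries such as `svchost.exe` that run from somewhere other than the Windows system directories.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the record layout of Volatility 2's svcscan output.
# Every value here is made up for illustration; none comes from the book's image.
SAMPLE_SVCSCAN_OUTPUT = r"""
Offset: 0x8a1b2c30
Order: 12
Start: SERVICE_AUTO_START
Process ID: 704
Service Name: DcomLaunch
Display Name: DCOM Server Process Launcher
Service Type: SERVICE_WIN32_SHARE_PROCESS
Service State: SERVICE_RUNNING
Binary Path: C:\Windows\system32\svchost.exe -k DcomLaunch

Offset: 0x8a1b3d40
Order: 57
Start: SERVICE_AUTO_START
Process ID: 2216
Service Name: WinUpdSvc
Display Name: Windows Update Helper
Service Type: SERVICE_WIN32_OWN_PROCESS
Service State: SERVICE_RUNNING
Binary Path: C:\Users\jdoe\AppData\Local\Temp\svchost.exe

Offset: 0x8a1b4e50
Order: 58
Start: SERVICE_DEMAND_START
Process ID: -
Service Name: Spooler
Display Name: Print Spooler
Service Type: SERVICE_WIN32_OWN_PROCESS
Service State: SERVICE_STOPPED
Binary Path: "C:\Windows\System32\spoolsv.exe"
"""

# Folders a legitimate service binary has little reason to live in (lower-case,
# compared against the lower-cased executable path).
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")
# Where the genuine copies of well-known host binaries are expected.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
HOST_BINARIES = {"svchost.exe", "services.exe", "lsass.exe"}


def parse_svcscan(text: str) -> List[Dict[str, str]]:
    """Split svcscan-style output into one dict per service record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec: Dict[str, str] = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # first colon only: keeps "C:\..."
            if sep:
                rec[key.strip()] = value.strip()
        if rec:
            records.append(rec)
    return records


def executable_path(binary_path: str) -> str:
    """Return just the executable from a Binary Path, dropping arguments."""
    binary_path = binary_path.strip()
    if binary_path.startswith('"'):
        end = binary_path.find('"', 1)
        return binary_path[1:end] if end > 0 else binary_path[1:]
    m = re.match(r"(.+?\.exe)(\s|$)", binary_path, re.IGNORECASE)
    return m.group(1) if m else binary_path.split(" ", 1)[0]


def assess_service(rec: Dict[str, str]) -> List[str]:
    """Return the reasons (possibly none) a service record looks suspicious."""
    exe = executable_path(rec.get("Binary Path", "")).lower()
    reasons = []
    if any(d in exe for d in TEMP_DIRS):
        reasons.append("binary located in a temporary or user-writable folder")
    name = exe.rsplit("\\", 1)[-1]
    if name in HOST_BINARIES and not any(d in exe for d in SYSTEM_DIRS):
        reasons.append(f"{name} running from outside the Windows system directories")
    return reasons


def find_suspicious_services(records: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Filter parsed records down to (service name, binary path, reasons) hits."""
    hits = []
    for rec in records:
        reasons = assess_service(rec)
        if reasons:
            hits.append((rec.get("Service Name", "?"), rec.get("Binary Path", ""), reasons))
    return hits


if __name__ == "__main__":
    for name, path, reasons in find_suspicious_services(parse_svcscan(SAMPLE_SVCSCAN_OUTPUT)):
        print(f"{name}: {path}")
        for r in reasons:
            print(f"    - {r}")
```

On the sample, only `WinUpdSvc` is reported, for both reasons: its image lives under a user's `AppData\Local\Temp` and it borrows the `svchost.exe` name without sitting in `System32`. The heuristics are deliberately narrow; treat a hit as a lead to confirm against the process list and the corresponding event log entries, such as the System.evtx record shown in Figure 5.48, rather than as a verdict.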

There is another plugin developed by the community called autoruns (https://github.com/tomchop/volatility-autoruns/blob/master/autoruns.py):
