Beyond Strings – Memory Analysis during Incident Response

DerbyCon 2.0 - The Reunion

Presented by: J. Brett Cunningham (jbc22)
Date: Saturday September 29, 2012
Time: 14:30 - 14:55
Location: Track 5
Track: Stable Talks

During the incident response process, memory can be one of the sexiest places to look for information. We will identify specific structures and their data members that can help further an investigation and see how that fits into the bigger picture. We will also look at how and why those structures are created, whether it is a function of the operating system or the by-product of malware.

J. Brett Cunningham

Brett Cunningham has primarily worked as a network defender and incident responder. He is active in the community, often providing support for Snorby and Sguil users.

