
Malware Analysis

Chapter in: Fundamentals of Digital Forensics

Abstract

This chapter provides the reader with an introduction to memory analysis for malware detection using the open-source tool Volatility. Using Volatility, rather than treating a memory dump as one large blob of data, allows the examiner to carry out a more structured analysis. The chapter demonstrates how to use Volatility to find several key artifacts, including different ways of listing processes, finding network connections, and using the malfind module, which can detect suspicious instructions. When memory analysis is used as part of incident response, it usually comes down to finding signs of intrusion or malicious code, that is, finding illegitimate behavior in the processes loaded into memory. The aim of the chapter is to show how to accomplish that by presenting the basic functionality of Volatility and Redline so that the reader can continue to learn memory analysis on their own.
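The "different ways of listing processes" mentioned above are the basis of cross-view detection: a process hidden by unlinking it from the kernel's process list still has an _EPROCESS structure in physical memory, so it turns up in a carving scan but not in the list walk. The following is an added example written for this page, not code from the chapter or from Volatility; it assumes tab-separated tables shaped like Volatility 3 windows.pslist and windows.psscan output, and every row in the two sample tables is constructed.

```python
# Added example, not from the chapter: cross-view comparison of two process
# listings. pslist walks the kernel's active-process list; psscan carves
# _EPROCESS structures from physical memory, so a process unlinked from the
# list appears in psscan only. Both tables below are CONSTRUCTED to resemble
# Volatility 3 windows.pslist / windows.psscan output; the layout is assumed.
PSLIST_OUTPUT = """\
PID\tPPID\tImageFileName\tOffset(V)
4\t0\tSystem\t0xfa8000c8f040
248\t4\tsmss.exe\t0xfa80012b9b30
520\t340\twinlogon.exe\t0xfa8001b3c060
1234\t520\texplorer.exe\t0xfa8001c12b30
"""
PSSCAN_OUTPUT = """\
PID\tPPID\tImageFileName\tOffset(P)
4\t0\tSystem\t0x00c8f040
248\t4\tsmss.exe\t0x012b9b30
520\t340\twinlogon.exe\t0x01b3c060
1234\t520\texplorer.exe\t0x01c12b30
1776\t1234\tsvch0st.exe\t0x01d9a060
"""

def parse_processes(table: str) -> dict[int, dict]:
    """Parse a tab-separated process table into {pid: {ppid, name, offset}}."""
    lines = [ln for ln in table.splitlines() if ln.strip()]
    header = lines[0].split("\t")
    procs = {}
    for line in lines[1:]:
        f = dict(zip(header, line.split("\t")))
        offset = next(v for k, v in f.items() if k.startswith("Offset"))
        procs[int(f["PID"])] = {"ppid": int(f["PPID"]),
                                "name": f["ImageFileName"], "offset": offset}
    return procs

def find_hidden_processes(pslist: str, psscan: str) -> list[dict]:
    """Processes carved by psscan but missing from the linked list.
    Each hit is a lead for deeper analysis (dump the process, run malfind on
    it), not proof of malice: a recently exited process whose _EPROCESS has
    not yet been overwritten also shows up in psscan only.
    """
    listed = parse_processes(pslist)
    scanned = parse_processes(psscan)
    return [{"pid": pid, **info} for pid, info in sorted(scanned.items())
            if pid not in listed]

if __name__ == "__main__":
    for hit in find_hidden_processes(PSLIST_OUTPUT, PSSCAN_OUTPUT):
        print(f"PID {hit['pid']} ({hit['name']}) in psscan only, "
              f"parent {hit['ppid']}, offset {hit['offset']}")
```

On real output the same comparison extends naturally to a third view (for example thread scans or the CSRSS handle table), and every process flagged this way is a candidate to dump and inspect further.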


Notes

  1. https://www.virustotal.com/.
  2. https://www.fireeye.com/services/freeware/redline.html.

Author information

Correspondence to Joakim Kävrestad.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter


Cite this chapter

Kävrestad, J., Birath, M., Clarke, N. (2024). Malware Analysis. In: Fundamentals of Digital Forensics. Texts in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-031-53649-6_21


  • DOI: https://doi.org/10.1007/978-3-031-53649-6_21


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-53648-9

  • Online ISBN: 978-3-031-53649-6

  • eBook Packages: Computer Science (R0)
