๐’ƒ๐’†๐’‚๐’–๐’•๐’š ๐’Š๐’๐’•๐’†๐’๐’๐’Š๐’ˆ๐’†๐’๐’•

For3nsic/The Art of Memory Forensic

volatility ์‚ฌ์šฉ๋ฒ• 3

๐“›๐“พ๐“ฌ๐“ฎ๐“ฝ๐“ฎ_๐“ข๐“ฝ๐“ฎ๐“ต๐“ต๐“ช 2015. 11. 19.
728x90
๋ฐ˜์‘ํ˜•

printkey 

์ด ๋ช…๋ น์–ด๋Š” ๋ ˆ์ง€์ŠคํŠธ๋ฆฌ ํ‚ค๊ฐ’์„ ๋ณด์—ฌ์ค€๋‹ค.



netscan

์ด ๋ช…๋ น์–ด๋Š” ํ™œ์„ฑํ™”๋œ ๋„คํŠธ์›Œํฌ ์ •๋ณด๋ฅผ ์•Œ๋ ค์ค€๋‹ค.(windows 7์—์„œ๋งŒ ์‚ฌ์šฉ๊ฐ€๋Šฅ)



connections

๋ช…๋ น์–ด๋ฅผ ์ด์šฉํ•˜์—ฌ ๋„คํŠธ์›Œํฌ๋ฅผ ๊ฒ€์‚ฌํ•œ๋‹ค.

์—ฌ๊ธฐ์„œ ๋” ์ž์„ธํžˆ ์•Œ๊ธฐ์œ„ํ•ด ๋ฐ‘์˜ ๋ช…๋ น์–ด๋ฅผ ์‚ฌ์šฉํ•œ๋‹ค.


connscan 

์ด ๋ช…๋ น์–ด๋Š” ์œ„์˜ ๋ช…๋ น์–ด์™€ ๊ฐ™์ง€๋งŒ ์ด๋ฏธ ๋Š์–ด์ง„ ๋„คํŠธ์›Œํฌ๋„ ๋‚˜ํƒ€๋‚ด ์ค€๋‹ค.


]


yarascan

์ด๋ช…๋ น์–ด๋Š” yara๋ฅผ ์ด์šฉํ•˜์—ฌ ์œ ๋‹ˆ์ฝ”๋“œ ๋“ฑ์„ ๊ฒ€์ƒ‰ํ•˜์—ฌ ์ค€๋‹ค.


728x90
๋ฐ˜์‘ํ˜•
์ €์ž‘์žํ‘œ์‹œ

'For3nsic > The Art of Memory Forensic' ์นดํ…Œ๊ณ ๋ฆฌ์˜ ๋‹ค๋ฅธ ๊ธ€

๋ฉ”๋ชจ๋ฆฌ ํฌ๋ Œ์‹์—์„œ volatility ๋ฅผ ์‚ฌ์šฉํ•˜๋ฉด์„œ ... :)  (0) 2017.01.10
volatility ์‚ฌ์šฉ๋ฒ• 2  (0) 2015.11.19
Volatility ์‚ฌ์šฉ๋ฒ•  (0) 2015.11.18
Memory Forensic Volatility ์„ค์น˜ + ์‹คํ–‰  (0) 2015.11.18
๋ฉ”๋ชจ๋ฆฌ ๋ถ„์„ ์ „ ์•Œ์•„์•ผ ํ•  ์‚ฌํ•ญ๋“ค  (0) 2015.11.14

๋Œ“๊ธ€

ํ‹ฐ์Šคํ† ๋ฆฌํˆด๋ฐ”