
SANS ISC: Cool combination of tools - SANS Internet Storm Center

Cool combination of tools

I've mentioned here before that I'm a big fan of Volatility for analyzing memory images. In fact, Volatility plays a big part in my upcoming paper on automating malware behavioral analysis (more on that soon). I'm also a fan of Harlan Carvey's RegRipper, a set of Perl scripts for parsing the Windows registry. A couple of weeks ago, Brendan Dolan-Gavitt mentioned in his blog that it would be cool to be able to use RegRipper on the in-memory copy of the registry. Well, today, he posted a way of using RegRipper and Volatility together to do just that. Very cool; check it out.

