akde/infosec

Information security is ultimately about managing risk

Analyzing memory (dumps)

See also memory dump article.

Usual stuff:

grep
strings
hex editor
…

Specialized software:

Thinks to look out for:

System process with invalid parent process id. For example:
- Process system with a parent id (normally, there is always only one instance with no parent process).
- Process scvhost or svch0st (there is only svchost.exe)
- … (see also Incident response training March 2025)

Leave a Reply Cancel reply

You must be logged in to post a comment.

About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.

Checklists

Categories

Checklists: Ports

python -c 'import pty;pty.spawn("/bin/bash")';

python3 -c 'import pty;pty.spawn("/bin/bash")';