The final post in FireEye’s three-part series on Windows 10 memory forensics. This last part looks at how to automate the extraction of undocumented structures from deep within memory using the tools introduced in the earlier parts.
Check out the FireEye presentations at BlackHat and DefCon.
Source: Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
Leave a Reply