f-block/DFRWS-USA-2019
Note:

The current version of the ptenum plugin can be found here: https://github.com/f-block/volatility-plugins. It has been updated extensively and ported to Volatility3.

For the last (but now outdated) Rekall version, see here: https://github.com/f-block/rekall-plugins.

The branch "updates" contains some updates and instructions for the tools used, so they can be built easily with MinGW. Any changes are made solely in the branch "updates". The branch "main" is in the same state as at the time of writing the paper, to allow unaltered reproducibility of our results.


This is the online repository for the paper "Windows Memory Forensics: Detecting (un)intentionally hidden injected Code by examining Page Table Entries" by Frank Block and Andreas Dewald (https://dfrws.org/presentation/windows-memory-forensics-detecting-unintentionally-hidden-injected-code-by-examining-page-table-entries/). It contains all material referenced in the paper, including the resulting Rekall plugin: ptenum.py

For any questions (regarding this research ;-) ), don't hesitate to contact research-codeinjections@f-block.org
