Memory analysis of the KBeast Linux rootkit – Investigating publicly available Linux rootkit using the Volatility memory analysis framework

Authors
  1. Carbone, R.
Corporate Authors
Defence Research and Development Canada, Valcartier Research Centre, Quebec QC (CAN)
Abstract
This report is the first in a series examining Volatility-based memory analysis techniques for Linux malware. With minimal use of scanner-based technologies, the author demonstrates what to look for when conducting Linux memory investigations with Volatility. The investigation analyses, using Volatility, a memory image taken from a system infected by the KBeast rootkit. Through the proper application of various Volatility plugins, combined with an in-depth knowledge of the Linux operating system, this case study can provide guidance to other investigators in their own Linux-based memory analyses.

A French-language summary is also available.

Keywords
anti-virus;antivirus;computer forensics;computer infection;computer memory forensics;digital forensics;digital memory forensics;forensics;infection;linux;malware;memory analysis;memory forensics;memory
Report Number
DRDC-RDDC-2015-R064 — Scientific Report
Date of publication
01 Jun 2015
Number of Pages
90
DSTKIM No
CA040672
CANDIS No
801869
Format(s)
Electronic Document (PDF)
