VolatilityBot – Automated Memory Analyzer


VolatilityBot is an automation tool for researchers that cuts the guesswork and manual tasks out of the binary extraction phase, and helps the investigator with the first steps of a memory analysis investigation. It not only extracts the executable (exe) automatically; it also fetches every new process created in memory, injected code, strings, IP addresses and so on.

Some of the current features:

  1. Automated analysis of malware samples (based on diff-ing a clean memory image against an infected one)
    • Extraction of injected code
    • Dump of new processes
    • Yara scan, static analysis, string extraction, etc. on all outputs
  2. Automated heuristic analysis of memory dumps
    • Detect anomalies using heuristics and dump the relevant code
    • Yara scan, static analysis, string extraction, etc. on all outputs
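The diff-based workflow behind the first feature group, as an added example (this is not VolatilityBot's own code): parse a Volatility 2 `pslist`-style listing from the clean and the infected image, report the processes that only exist in the infected one, and then diff a per-process memory-region listing to flag new private executable regions in processes that already existed before detonation, which is the classic indicator of injected code. Both listings are constructed sample data; the region format (one line per VAD: PID, start, end, protection, backing) is a simplified layout assumed for the example, not real Volatility output.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    name: str


@dataclass(frozen=True)
class Region:
    pid: int
    start: int
    end: int
    protection: str
    backing: str  # "Private" or the mapped file path


# Constructed sample in the shape of Volatility 2 `pslist` output (not a real capture).
CLEAN_PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ -------------------
0x823c89c8 System                    4      0     53      240 ------      0
0x82199c28 smss.exe                368      4      3       19 ------      0 2016-01-01 09:00:01
0x8212a2e0 explorer.exe           1480   1452     17      415      0      0 2016-01-01 09:00:10
"""

# The infected image: same processes plus the dropped sample and a child shell.
INFECTED_PSLIST = CLEAN_PSLIST + """\
0x81f0c5a8 evil.exe               1337   1480      2       41      0      0 2016-01-01 09:05:12
0x81e8c020 cmd.exe                1400   1337      1       22      0      0 2016-01-01 09:05:13
"""

# Constructed, simplified region listing: PID, start, end, protection, backing.
CLEAN_REGIONS = """\
1480 0x00400000 0x0045ffff PAGE_EXECUTE_WRITECOPY \\Windows\\explorer.exe
1480 0x00150000 0x0015ffff PAGE_READWRITE Private
368  0x48580000 0x4859ffff PAGE_EXECUTE_WRITECOPY \\Windows\\System32\\smss.exe
"""

# After detonation explorer.exe has gained an RWX private region (injection candidate)
# and a harmless RW heap; evil.exe's own image is file-backed and belongs to a new process.
INFECTED_REGIONS = CLEAN_REGIONS + """\
1480 0x02a60000 0x02a6ffff PAGE_EXECUTE_READWRITE Private
1480 0x02b00000 0x02b0ffff PAGE_READWRITE Private
1337 0x00400000 0x0041ffff PAGE_EXECUTE_WRITECOPY \\Users\\victim\\evil.exe
"""

# Data rows start with the kernel object offset; header and separator lines do not.
PSLIST_ROW = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s+(\d+)\s+(\d+)\s")


def parse_pslist(text):
    """Map (pid, name) -> Proc. Keying on the pair (not PID alone) guards against
    PID reuse between the two snapshots producing a false 'unchanged' match."""
    procs = {}
    for line in text.splitlines():
        m = PSLIST_ROW.match(line)
        if m:
            name, pid, ppid = m.group(1), int(m.group(2)), int(m.group(3))
            procs[(pid, name)] = Proc(pid, ppid, name)
    return procs


def new_processes(clean_text, infected_text):
    """Processes present in the infected image but not in the clean baseline."""
    clean, infected = parse_pslist(clean_text), parse_pslist(infected_text)
    return sorted((p for k, p in infected.items() if k not in clean), key=lambda p: p.pid)


def parse_regions(text):
    regions = set()
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue
        pid, start, end, prot, backing = parts
        regions.add(Region(int(pid), int(start, 16), int(end, 16), prot, backing))
    return regions


def injected_code_candidates(clean_ps, infected_ps, clean_reg, infected_reg):
    """New regions that are private (not file-backed) and executable, inside processes that
    already existed in the clean image. New processes are dumped whole by new_processes()."""
    baseline_pids = {p.pid for p in parse_pslist(clean_ps).values()}
    fresh = parse_regions(infected_reg) - parse_regions(clean_reg)
    return sorted(
        (r for r in fresh
         if r.pid in baseline_pids and r.backing == "Private" and "EXECUTE" in r.protection),
        key=lambda r: (r.pid, r.start),
    )


if __name__ == "__main__":
    for p in new_processes(CLEAN_PSLIST, INFECTED_PSLIST):
        print(f"new process: {p.name} pid={p.pid} ppid={p.ppid}")
    for r in injected_code_candidates(CLEAN_PSLIST, INFECTED_PSLIST, CLEAN_REGIONS, INFECTED_REGIONS):
        print(f"dump candidate: pid={r.pid} {r.start:#010x}-{r.end:#010x} {r.protection}")
```

The diff only has meaning when the clean image is taken from the same machine state immediately before the sample runs; background activity between the two snapshots shows up as noise, which is why heuristic filters (private plus executable here) sit on top of the raw set difference.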

This tool is useful for the initial stage of a memory analysis investigation, or for unpacking malicious code. You can read more and download the tool here: https://github.com/mkorman90/
