Effectively Detecting Modern Malware with Volatility 3
Event description
Level of Instruction: Intermediate
Instructed by: Andrew Case, Lauren Pace, Daniel Donze
Abstract:
Volatility 3 is the latest version of the Volatility Memory Analysis framework and is a complete re-design and rewrite of the framework suited to meet the needs of modern investigations. In this workshop, students will learn Volatility 3’s new features aimed at efficiency and usability as well as all the new and updated Windows plugins capable of detecting modern malware. During the workshop, students will experience a mix of lecture and live demonstration about the latest malware techniques followed by hands-on labs that will require students to analyze infected memory samples. While students complete each lab, instructors will walk to each student’s station to ensure they are progressing. An instructor will also completely walk through each lab live, and students are given a 35+ page PDF lab guide that contains all the lab scenarios, questions, and detailed answers, including many screenshots and explanations. Students can then use the course slides and lab guide to practice labs over time as well as to guide real-world investigations of compromised systems. By attending this workshop, students will leave knowing the most effective ways to detect modern Windows malware using the latest version of the most widely used open-source framework for memory analysis.