Memory mounting with MemProcFS? This changes everything...

Our Luke Davis dives into MemProcFS in our latest blog, exploring how this tool has transformed memory forensics. MemProcFS allows memory dumps to be mounted and browsed like file systems, making complex memory structures easy to analyse. 💻

Using MemProcFS, investigators can:

Quickly analyse suspicious processes, like tracking Excel launching malicious code

Monitor network connections tied to ransomware groups and other threats

Explore advanced features like memory timelines and registry browsing to trace system activity and investigate security breaches 🔍

This post is a must-read for anyone delving into digital forensics or curious about memory mounting: 🔗https://www.pentestpartners.com/security-blog/mounting-memory-with-memprocfs-for-advanced-memory-forensics/

#MemoryForensics #MemProcFS #DigitalForensics #Cybersecurity #MalwareAnalysis #Infosec

#MemProcFS is an easy and convenient way of viewing physical memory as files in a virtual file system https://github.com/ufrisk/MemProcFS

First free day I've had in a few weeks so I felt it was time for a new blog post!

Check out "VMware Memory Analysis with MemProcFS"

Huge thanks to @UlfFrisk for creating this incredible tool.

https://blog.ecapuano.com/p/vmware-memory-analysis-with-memprocfs?sd=pf

#DFIR #memprocfs

RT @SkelSec@twitter.com

#pypykatz is in #MemProcFs now!
You mount a live system/memory image, you get a new windows drive then you browse a folder then !BAM! Logon sessions start popping up as txt files with NT/LM/SHA1 secrets AND ALSO KERBEROS KIRBI FILES!!!
Thanks to @UlfFrisk@twitter.com for helping me out!