Irregular Expressions

Jun 22 2011   12:12AM GMT

Zeus code walkthrough – Part 7

Dan O'Connor

In case you are following along at home, you will need to download the following:

- Wireshark: http://www.wireshark.org/download.html

- RegShot: http://sourceforge.net/projects/regshot/

Then you need something to take the disk, process and memory images. I will be using Helix Pro, mainly because I have a copy. There are several other options available for this.

You can get Helix Pro here: http://www.e-fense.com/helix3pro.php

The first order of business is to take a snapshot of the registry with RegShot. Next will be the raw disk image and the process / volatile data information using Helix. I have set up a receiving server and will be capturing the disk and memory over the network; the PDF with the volatile data will then be saved.
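The RegShot step works by exporting the registry before the sample runs and comparing it with an export taken afterwards. The following is an added example of that comparison written in Python; it is not RegShot's code and not from the original post. The two .reg exports, the `ExampleApp` key and the `updater` value are constructed for illustration, and the autostart check only looks at the `CurrentVersion\Run` key.

```python
import re
# Constructed before/after .reg exports (not real Zeus artefacts): "after" gains
# a Run-key value, changes one existing value and adds one subkey.
BEFORE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\lab\\OneDrive.exe"
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="1.0"
'''
AFTER = r'''[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\lab\\OneDrive.exe"
"updater"="C:\\Users\\lab\\AppData\\Roaming\\sample.exe"
[HKEY_CURRENT_USER\Software\ExampleApp]
"Version"="1.1"
[HKEY_CURRENT_USER\Software\ExampleApp\State]
@="ok"
'''

def parse_reg_export(text):
    """Parse minimal .reg syntax ([KEY] headers, "name"=data and @=data lines)
    into {key: {value_name: data}}; data is kept as the raw exported text."""
    snapshot, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            snapshot.setdefault(current, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            snapshot[current][name] = m.group(2)
    return snapshot

def diff_snapshots(before, after):
    """RegShot-style comparison: keys and values added, deleted or modified."""
    result = {"keys_added": sorted(set(after) - set(before)),
              "keys_deleted": sorted(set(before) - set(after)),
              "values_added": [], "values_deleted": [], "values_modified": []}
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key, {}), after.get(key, {})
        for name in sorted(set(old) | set(new)):
            path = key + "\\" + name
            if name not in old:
                result["values_added"].append(path)
            elif name not in new:
                result["values_deleted"].append(path)
            elif old[name] != new[name]:
                result["values_modified"].append(path)
    return result

def new_autostart_values(diff):
    """Added values under the Run key: the first place to look for persistence."""
    return [p for p in diff["values_added"] if "\\CurrentVersion\\Run\\" in p]
```

Running `diff_snapshots(parse_reg_export(BEFORE), parse_reg_export(AFTER))` lists the new `State` subkey, the changed `Version` value and the two added values, and `new_autostart_values` narrows that to the one new Run entry.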
