Abstract Memory Analysis: Zeus Encryption Keys
In case you might have missed it, MHL has an excellent article describing how an analyst can leverage Volatility to locate and extract Zeus’s RC4 encryption keys in physical memory. His informative post also demonstrates how a talented memory analyst can stand on the shoulders of the Volatility community to push memory analysis to new heights!
“This is just one example of taking memory analysis to the next level and I hope it reminds everyone that Volatility isn’t just a tool for carving Windows data structures and finding evidence to correlate with disk, registry, and network artifacts. Volatility is a powerful, flexible tool limited only by your own creativity.”
Shoutz to MHL!