10:41 a.m.
All
I've had great success using recipes out of the Malware Analyst Cookbook. I
particularly like the recipe involving mutantscandb and compare the mutexes in a binary
under investigation with those in my sqlite3 database.
Can anyone tell me how to trace the observed suspicious mutexes in a mutantscandb scan
with the process/binary that owns that mutex?
Jim
~~~~~~~~~~~~~~~~~~~~~~
ACK and you shall receive
2:14 p.m.
Jim,
Have you tried MHL's "handles" plugin:
http://code.google.com/p/volatility/wiki/CommandReference#handles
Thanks,
AW
The Volatility Project
On Sat, 23 Jul 2011, macubergeek wrote:
All
I've had great success using recipes out of the Malware Analyst
Cookbook. I particularly like the recipe involving mutantscandb and
compare the mutexes in a binary under investigation with those in my
sqlite3 database.
Can anyone tell me how to trace the observed suspicious mutexes in a
mutantscandb scan with the process/binary that owns that mutex?
Jim
~~~~~~~~~~~~~~~~~~~~~~
ACK and you shall receive
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
5217
days inactive
5217
days old
vol-users@lists.volatilityfoundation.org
1 comments
2 participants
participants (2)
-
AAron Walters -
macubergeek