[Vol-users] Attributing a string to a program

David Bramer david.bramer at gmail.com
Mon Sep 17 07:37:23 CDT 2012


Have a memory dump which I have obtained via DumpIt, I'm then pretty
happy and can use Volatility to find out some of the answers to my
questions. However when I have run Strings on the memory dump I find a
string of great interest. I would like to figure out a means by which
I could find out what created this string.

So far I've created a basic Yara rule and used malfind to no avail. Is
there anything else I could try?



More information about the Vol-users mailing list