[Vol-users] 29c3 defeating windows memory forensics

George M. Garner Jr. ggarner_online at gmgsystemsinc.com
Tue Jan 8 08:44:34 CST 2013


Michael,

On 1/8/2013 7:57 AM, Michael Cohen wrote:
> The real challenge for Dementia the way I see it is to be able to
> identify the DFIR tool in order to interfere with it.

See the section entitled "Parsing Certificates" in Peter Kleissner, 
"Creating an anti-AV scanner...and blocking AV's," 
http://www.stoned-vienna.com/downloads/Creating%20an%20Anti-AV%20scanner%20Article.pdf.

Regards,

gmg.

