What do you do when you know there is more to the story than what the tool is reporting back to you?'this presentation will walk through a case study where the tool was pointing to signs of code injection, but only telling half the story. 'We will demonstrate tips and techniques the analyst can use when doing memory analysis to complete the findings, locate the injected and analyze the injected code and validate the tools output.