Memory forensics is a key component of any incident investigation involving endpoints. It can help determine whether an infection did in fact occur, and if so, what type of threat is involved. However, most SOC/IR teams do not fully utilize memory forensics techniques as part of their investigations usually from lack of time or technical know-how.
In this talk, we will show you how Intezer's endpoint scanner and Volatility plugin analyze live endpoints and entire memory dumps, providing deep insights and quick verdicts by identifying malicious code reuse within memory modules. These memory forensics tools can be incorporated as part of any incident and done at scale for many endpoints within a company.