Windows Malware Forensics Reference



Links

Rootkits: Subverting the Windows Kernel

Stealth MBR rootkit

Windows Kernel Exploitation Tutorial Part 1 Setting up the Environment

Windows Kernel Exploitation Tutorial Part 2 Stack Overflow

Windows Kernel Exploitation Tutorial Part 3 Arbitrary Memory Overwrite

Windows Kernel Exploitation Tutorial Part 4 Pool Overflow

Windows Kernel Exploitation Tutorial Part 5 NULL Pointer Dereference

Windows Kernel Exploitation Tutorial Part 6 Uninitialized Stack Variable

Windows Kernel Exploitation Tutorial Part 7 Uninitialized Heap Variable

Windows Kernel Exploitation Tutorial Part 8 Use After Free

Practical Malware Analysis (No Starch Press)

Practical Malware Analysis (Black Hat talk, Kendall and McMillan)

Malware Forensics Field Guide for Windows Systems Digital Forensics Field

Using Sysinternals System Monitor (Sysmon) in a Malware Analysis Lab

Hunt Down and Kill Malware with Sysinternals Tools Part 1

Hunt Down and Kill Malware with Sysinternals Tools Part 2 Autoruns

Hunt Down and Kill Malware with Sysinternals Tools Part 3

Process Monitor Filters for Malware Analysis and Forensics

Process Hacker as an Alternative to Process Explorer and Task Manager

Dynamic Malware Analysis Tools (Hacking Tutorials)

5 Golden Steps to Building a Malware Analysis with Free Tools

Detecting Kernel-Mode Rootkits in Real Time

Practical DMA (Direct Memory Access) Attack on Windows 10



Tools

GMER, an application that detects and removes rootkits

Rootkit Analysis Tools

Sophos Virus Removal Tool

OSHI Unhooker, a rootkit detection and unhooking tool

Sysinternals Suite (Mark Russinovich)

Process Hacker Download
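The Sysinternals tools listed above (Autoruns, Sigcheck, Sysmon) are usually run interactively, but a first-pass triage is easier to repeat as a script. The following PowerShell is an added example written for this reference; it is not from the page or from the Sysinternals project. It assumes the Sysinternals Suite is unpacked at the hypothetical path `C:\Tools\SysinternalsSuite`, that Sysmon is installed with process-creation (Event ID 1) logging enabled, and that the output folder under `C:\Triage` is acceptable. It dumps all autostart entries with signature verification and hashes, lists unsigned executables in the user-writable directories malware typically drops into, and pulls Sysmon process creations from those same paths over the last 24 hours.

```powershell
# Added triage example (not from the page or from Sysinternals).
# Assumptions: Sysinternals Suite extracted to $ToolDir; Sysmon installed with
# Event ID 1 enabled; run from an elevated PowerShell prompt.
param(
    [string]$ToolDir = 'C:\Tools\SysinternalsSuite',                  # assumed location of the suite
    [string]$OutDir  = "C:\Triage\$(Get-Date -Format 'yyyyMMdd-HHmmss')"  # assumed output location
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Autostart entries from all locations (-a *), CSV (-c), with hashes (-h),
#    signature verification (-s) and verified Microsoft entries hidden (-m),
#    so what is left is third-party or unverified code.
& "$ToolDir\autorunsc.exe" -accepteula -nobanner -a * -c -h -s -m |
    Out-File -FilePath "$OutDir\autoruns.csv" -Encoding utf8

# If the columns import garbled, autorunsc emitted UTF-16: re-import with -Encoding Unicode.
$autoruns = Import-Csv "$OutDir\autoruns.csv"
$unsignedAutoruns = @($autoruns | Where-Object {
    $_.'Image Path' -and $_.Signer -notlike '(Verified)*'
})
$unsignedAutoruns |
    Select-Object Entry, 'Entry Location', 'Image Path', Signer, 'SHA-256' |
    Export-Csv "$OutDir\autoruns-unsigned.csv" -NoTypeInformation

# 2. Unsigned executables in common drop directories. sigcheck -e scans
#    executable images regardless of extension, -u shows only unsigned files,
#    -s recurses, -h prints hashes, -c writes CSV.
$dropDirs = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
foreach ($dir in $dropDirs) {
    $safeName = $dir -replace '[:\\]', '_'
    & "$ToolDir\sigcheck.exe" -accepteula -nobanner -e -u -s -h -c $dir |
        Out-File -FilePath "$OutDir\sigcheck-$safeName.csv" -Encoding utf8
}

# 3. Sysmon Event ID 1 (process creation) in the last 24 hours where the image
#    lives under a user-writable path; keep parent, command line and hashes.
$procCreates = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue

$suspicious = @(foreach ($ev in $procCreates) {
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.Image -match '\\(AppData|ProgramData|Temp|Users\\Public)\\') {
        [pscustomobject]@{
            Time        = $ev.TimeCreated
            Image       = $data.Image
            CommandLine = $data.CommandLine
            ParentImage = $data.ParentImage
            Hashes      = $data.Hashes
        }
    }
})
$suspicious | Export-Csv "$OutDir\sysmon-userpath-procs.csv" -NoTypeInformation

"Autostart entries not verified as signed: $($unsignedAutoruns.Count)"
"Sysmon process creations from user-writable paths: $($suspicious.Count)"
"Output written to $OutDir"
```

The three CSV files are meant to be read together: an unverified autostart entry whose image hash also appears in the Sysmon output, launched from AppData or ProgramData, is the kind of finding that justifies pulling the binary for static analysis with the tools in the Links section. Absence of findings is not a clean bill of health; a kernel-mode rootkit of the sort covered in the rootkit references can hide entries from user-mode tools, which is why GMER and similar kernel-aware scanners are listed separately.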