Implementasi Volatility dalam Mengalanalisa Malware pada Memory Dump

  • Gregorius Hendita Artha Kusuma Program Studi Teknik Informatika, Fakultas Teknik Universitas Pancasila
Keywords: volatility, malware, memory dump

Abstract

Malware infections on computer systems have become a significant threat to information security. In response to these challenges, memory analysis has proven to be an effective method for detecting and investigating malware activities. In this research, we utilize Volatility, a popular memory forensics tool, to analyze memory dumps from malware-infected systems.

Our primary objective is to identify and uncover artifacts associated with malware infections within the memory dump. We leverage various widely-used Volatility plugins to extract critical information such as malicious processes, modified kernel modules, suspicious network traces, and other malicious entities.

Through a series of analysis steps, we successfully detect the presence of malware infections with a high level of accuracy. We also determine the types and variants of malware involved in the attack. Furthermore, we perform behavioral analysis of the malware, enabling us to understand the objectives, propagation methods, and impact of the infection.

The results of this research provide valuable insights for prevention and mitigation of malware attacks. By utilizing Volatility as a memory forensics analysis tool, researchers and security professionals can effectively identify and combat malware threats. We also outline recommendations for steps to strengthen system security and protect valuable data from future malware attacks.

Published
2023-05-01
Issue
Vol 4 No 1 (2023): Journal of Informatics and Advanced Computing (JIAC)
Section
Articles