RA2006: Conduct Memory Analysis

Summary

ID RA2006
Brief Description Conduct memory analysis
Author @ERMACK_COMMUNITY
Creation Date 2023/03/13
References
Response Stage Identification

Description

Memory analysis:

- Look for rogue processes
- Review process DLLs and handles
- Check network artifacts
- Look for code injection
- Check the presence of rootkits
- Dump suspicious processes for further analysis
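
A first pass at the "look for rogue processes" step, as an added example that is not part of the original card: it compares a process listing with a small baseline of expected parent, image path and instance count for core Windows processes. The process records, the field names and `find_rogue_processes` are constructed for illustration; real records would come from the process listing of a memory-forensics tool.

```python
from collections import Counter
from difflib import get_close_matches

# name -> (expected parent name or None, expected image path, single instance)
BASELINE = {
    "wininit.exe": (None, r"c:\windows\system32\wininit.exe", True),
    "services.exe": ("wininit.exe", r"c:\windows\system32\services.exe", True),
    "lsass.exe": ("wininit.exe", r"c:\windows\system32\lsass.exe", True),
    "svchost.exe": ("services.exe", r"c:\windows\system32\svchost.exe", False),
}

# Constructed sample records (pid, ppid, name, path); all values are made up.
FIELDS = ("pid", "ppid", "name", "path")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    (500, 400, "wininit.exe", r"C:\Windows\System32\wininit.exe"),
    (620, 500, "services.exe", r"C:\Windows\System32\services.exe"),
    (640, 500, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    (900, 620, "svchost.exe", r"C:\Windows\System32\svchost.exe"),
    (2800, 2700, "explorer.exe", r"C:\Windows\explorer.exe"),
    (3120, 2800, "svchost.exe", r"C:\Users\Public\svchost.exe"),
    (3300, 2800, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    (3400, 620, "scvhost.exe", r"C:\Windows\System32\scvhost.exe"),
]]

def find_rogue_processes(procs):
    """Return {pid: [reasons]} for processes that deviate from BASELINE."""
    by_pid = {p["pid"]: p for p in procs}
    counts = Counter(p["name"].lower() for p in procs)
    findings = {}
    for p in procs:
        name, reasons = p["name"].lower(), []
        if name in BASELINE:
            parent, path, single = BASELINE[name]
            actual = by_pid.get(p["ppid"])
            actual_name = actual["name"].lower() if actual else "<exited>"
            if parent and actual_name != parent:
                reasons.append(f"parent is {actual_name}, expected {parent}")
            if p["path"].lower() != path:
                reasons.append("unexpected image path")
            # Every copy is flagged: the listing alone cannot say which is real.
            if single and counts[name] > 1:
                reasons.append("multiple instances")
        elif get_close_matches(name, BASELINE, n=1, cutoff=0.85):
            reasons.append("name imitates a system process")
        if reasons:
            findings[p["pid"]] = reasons
    return findings

if __name__ == "__main__":
    for pid, reasons in find_rogue_processes(SAMPLE).items():
        print(pid, "; ".join(reasons))
```

Processes flagged here are candidates for the later steps in the list (DLL and handle review, injection checks, dumping), not confirmed findings.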