This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 5.6 of In-Depth Malware Analysis
RAM acquisition methods, Volatility 3 essential plugins (pslist, psscan, malfind, dlllist, netscan, cmdline), malfind detection criteria, a ten-step analysis workflow, and extracting injected PE files from memory.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
Volatility 3 — Official Documentation
Official Volatility 3 documentation with plugin reference, installation guide, and usage examples.
WinPmem — Memory Acquisition Tool
Free memory acquisition tool for Windows. Single executable, no driver installation required.
MemLabs — Volatility CTF Challenges
Six beginner-to-intermediate memory forensics CTF challenges. Practice Volatility workflows on real memory dumps.
Quadrant 4 · Self-Assessment
In-Depth Malware Analysis
Covers packed malware, manual unpacking, obfuscated PowerShell, fileless malware, code injection, API hooking, memory forensics with Volatility, sandbox analysis, and network signatures.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.