Fig 2 - uploaded by Mohamed Alshehri
Source publication
This paper compares different open-source tools to determine which is the most efficient in different business situations, in terms of comprehensive detection, the steps required for configuration, and the utilities available for reporting findings. These tools include Memhunter, Volatility, and Sysmon.
Contexts in source publication
Context 1
... specific injected processes are what the tools must figure out. Figure 1 shows a simplified diagram of a process injection. Matching Figure 1's numbered steps is Figure 2, an example of one of the injections we performed. ...
Context 2
... allows the library to reflectively load itself using a PE loader, which lets it minimize its interactions with the host system and process and control which interactions with the host do occur [19]. The injection command is shown in Figure 2, with the resulting thread created in Figure 5. ...