Finding persistence points (also called "Auto-Start Extensibility Points", or ASEPs) is a recurring task in any investigation that potentially involves malware.
To make an analyst's life a bit easier, I came up with the autoruns plugin for Volatility. autoruns automates most of the tasks you would otherwise run by hand when trying to find out where malware is persisting from. Once all the autostart locations are found, they are matched against the processes running in memory.
More here: https://github.com/tomchop/volatility-autoruns/
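The matching step described above, as an added illustration that is not the plugin's own code: each ASEP value (a Run key entry, a service ImagePath, ...) is reduced to its executable path, environment variables are expanded through a small assumed table, and the path is compared to the image paths of running processes. The registry values and process list are constructed sample data.

```python
import ntpath
import re
from dataclasses import dataclass

# Assumed expansion table for the environment variables most often seen in ASEP values.
ENV = {"%SYSTEMROOT%": r"C:\Windows", "%WINDIR%": r"C:\Windows",
       "%PROGRAMFILES%": r"C:\Program Files",
       "%APPDATA%": r"C:\Users\analyst\AppData\Roaming"}

@dataclass
class Process:
    pid: int
    image_path: str

def asep_executable(value: str) -> str:
    """Extract the executable path from a raw autostart value (quoted, unquoted, with arguments)."""
    v = value.strip()
    for var, real in ENV.items():
        v = re.sub(re.escape(var), lambda m, r=real: r, v, flags=re.IGNORECASE)
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    # Unquoted: cut at the first ".exe" boundary so trailing arguments are dropped.
    m = re.match(r"(.+?\.exe)(\s|$)", v, re.IGNORECASE)
    return m.group(1) if m else v.split(" ")[0]

def match_aseps(aseps, processes):
    """Map each (location, value) ASEP to the PIDs whose image path equals its executable."""
    by_path = {}
    for p in processes:
        by_path.setdefault(ntpath.normcase(p.image_path), []).append(p.pid)
    return {(loc, val): by_path.get(ntpath.normcase(asep_executable(val)), [])
            for loc, val in aseps}

# Constructed sample data: three autostart entries and a partial process list.
ASEPS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     r'"C:\Users\analyst\AppData\Roaming\upd\updater.exe" /silent'),
    (r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\ImagePath",
     r"%SystemRoot%\System32\spoolsv.exe"),
    (r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
]
PROCS = [Process(4, "System"),
         Process(1234, r"C:\Windows\System32\spoolsv.exe"),
         Process(4321, r"c:\users\analyst\appdata\roaming\upd\UPDATER.EXE")]

if __name__ == "__main__":
    for (loc, val), pids in match_aseps(ASEPS, PROCS).items():
        print(f"{loc}\n    {val}\n    running as PID(s): {pids or 'none'}")
```

An ASEP that resolves to no running process is not necessarily benign (it may run at next logon or be a dropped file), so the unmatched entries deserve a look as well as the matched ones.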