Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
This is the final post in the three-part series: Finding Evil in
Windows 10 Compressed Memory. In the first post (Volatility
and Rekall Tools), the FLARE team introduced updates to
both memory forensic toolkits. These updates enabled these …