🎧 In Episode 6 of the Everyday Cyber Podcast, host Alex Reid explores the powerful role of memory forensics in both incident response and threat hunting. This episode breaks down the techniques and tools used to uncover hidden malware, detect rootkits, and investigate in-memory attack activity across compromised systems.
Whether you're working with live RAM captures or analyzing memory dumps post-incident, understanding these methods is essential for uncovering advanced adversaries and fileless threats.
🔍 What You’ll Learn in This Episode:
Core memory forensics concepts for incident responders
Using tools like Volatility, Velociraptor, and Memory Baseliner
Identifying code injection, process hollowing, DLL injection, and reflective loading
Detecting BYOVD attacks, rootkits (DKOM, SSDT, IDT hooks), and thread hijacking
Investigating suspicious memory regions, handles, VAD trees, and PE headers
Working with hiberfil.sys, pagefile.sys, .vmem, and .vmsn files
Understanding fileless malware and “living off the land” techniques
Using memory to trace attacker tools like Cobalt Strike, Emotet, and Poison Ivy
Crafting detection rules using YARA, and parsing strings with bstrings
If you're in digital forensics, blue teaming, or threat detection, this episode gives you actionable knowledge for using memory artifacts to expose what attackers try hardest to hide.
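The injection indicators in the list above (RWX regions with no backing file, a PE header or shellcode prologue sitting in private memory) are exactly what Volatility's malfind heuristic and the equivalent Velociraptor hunts key on. As an added worked example, not code from the episode or from the Volatility or Velociraptor projects, the Python below re-implements that triage over a constructed list of VAD regions. The Region fields, the minimal PE header builder, the process names and the region bytes are all made up for the example; the protection constants and PE header offsets are the real Windows ones.

```python
"""Malfind-style triage of process memory regions.

Added example, not code from the podcast, Volatility or Velociraptor. It
re-implements the core heuristic those tools apply when hunting code injection
and reflective loading: an executable region that is also writable and not
backed by a file should not exist in a healthy process, and a PE header (or a
shellcode prologue) at its start is the tell. All regions and bytes below are
constructed sample data, not parsed from a real capture.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Windows memory protection constants (winnt.h)
PAGE_READWRITE = 0x04
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
WRITABLE = {PAGE_READWRITE, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}

# Opening bytes of common function/stager prologues: push ebp; mov ebp,esp /
# sub rsp,imm8 / mov [rsp+..],rbx / and the cld; and rsp,-0x10 stub that
# starts many Metasploit and Cobalt Strike x64 stagers.
CODE_PROLOGUES = (b"\x55\x8b\xec", b"\x48\x83\xec", b"\x48\x89\x5c\x24", b"\xfc\x48\x83\xe4\xf0")


@dataclass
class Region:
    """One VAD node as a memory tool would list it (constructed for this example)."""
    pid: int
    process: str
    start: int
    protect: int
    private: bool               # True for MEM_PRIVATE: no backing file object
    mapped_file: Optional[str]  # path of the backing image/section, if any
    data: bytes                 # first bytes of the region


def parse_pe_header(data: bytes):
    """Parse DOS/NT headers at the start of a buffer; None if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 56 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections = struct.unpack_from("<HH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                  # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    if magic == 0x20B:                                   # PE32+: 8-byte ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                                 # PE32: 4-byte ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        return None
    return {"machine": machine, "sections": nsections, "entry": entry,
            "image_base": image_base, "pe32plus": magic == 0x20B}


def build_pe_stub(image_base: int, entry: int, pe32plus: bool) -> bytes:
    """Construct a minimal but well-formed PE header (sample data, not a real binary)."""
    e_lfanew, buf = 0x80, bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", buf, e_lfanew + 4, 0x8664 if pe32plus else 0x14C, 1)
    opt = e_lfanew + 24
    struct.pack_into("<H", buf, opt, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", buf, opt + 16, entry)
    if pe32plus:
        struct.pack_into("<Q", buf, opt + 24, image_base)
    else:
        struct.pack_into("<I", buf, opt + 28, image_base)
    return bytes(buf)


def triage_region(r: Region):
    """Return the injection indicators for one region (empty list = nothing to see)."""
    findings = []
    executable = r.protect in EXECUTABLE
    if executable and r.protect in WRITABLE:
        findings.append("RWX protection")
    if executable and r.private:
        findings.append("executable private memory with no backing file")
    pe = parse_pe_header(r.data)
    if pe is not None and r.private:
        # a whole PE image in private memory: manually mapped / reflectively loaded
        kind = "PE32+" if pe["pe32plus"] else "PE32"
        findings.append(f"PE header in private memory ({kind}, ImageBase {pe['image_base']:#x})")
    elif pe is None and executable and r.private and r.data.startswith(CODE_PROLOGUES):
        findings.append("code prologue at start of unbacked executable region")
    return findings


def triage(regions):
    """Map (pid, process, start) -> findings, keeping only regions that have any."""
    return {(r.pid, r.process, r.start): f for r in regions if (f := triage_region(r))}


def sample_regions():
    """Constructed sample data standing in for a memory tool's VAD listing."""
    stager = b"\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00" + b"\x90" * 54
    return [
        # legitimate image section: file-backed, executable but not writable
        Region(1234, "svchost.exe", 0x7FF6A0000000, PAGE_EXECUTE_READ, False,
               r"\Windows\System32\svchost.exe", build_pe_stub(0x7FF6A0000000, 0x1000, True)),
        # reflectively loaded DLL: PE header in RWX private memory
        Region(4321, "explorer.exe", 0x1E0000, PAGE_EXECUTE_READWRITE, True, None,
               build_pe_stub(0x10000000, 0x2F40, False)),
        # injected stager: RWX private memory beginning with a stager prologue
        Region(5555, "rundll32.exe", 0x2B0000, PAGE_EXECUTE_READWRITE, True, None, stager),
        # ordinary heap: private but not executable, so no finding
        Region(777, "notepad.exe", 0x20000, PAGE_READWRITE, True, None, b"\x00" * 64),
    ]


if __name__ == "__main__":
    for (pid, name, start), findings in triage(sample_regions()).items():
        print(f"{name} (pid {pid}) @ {start:#x}")
        for finding in findings:
            print("   -", finding)
```

Run against a real capture, the Region list would come from a VAD walk (Volatility's vadinfo/malfind, or Velociraptor's process memory artifacts) rather than from sample_regions(); the heuristic itself stays the same. Expect false positives from JIT runtimes (.NET, browsers) that legitimately allocate RWX memory, which is why the PE header and prologue checks are layered on top of the protection check rather than replacing it.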
memory forensics
incident response podcast
threat hunting
cybersecurity podcast
code injection detection
volatility memory analysis
process hollowing
dll injection
BYOVD malware
rootkit analysis
fileless malware detection
DFIR podcast
malware investigation
advanced threat hunting
Velociraptor forensic tool
memory dump analysis
endpoint forensics
cobalt strike detection
memory artifacts analysis
digital forensics podcast
By Alex Reid