Malware Detection
Malfind2
- Michael Hale Ligh -
http://code.google.com/p/mhl-malware-scripts/
Automates finding and extracting code (usually malicious) injected into another process: it walks each process's VAD tree for memory regions that are executable yet not backed by a file on disk, and dumps them for inspection.
usermode_hooks2
- Michael Hale Ligh -
http://code.google.com/p/mhl-malware-scripts/
Detects IAT, EAT and inline rootkit hooks in usermode processes: resolved imports or exports that point outside the module that should own them, and function prologues overwritten with a jump to code elsewhere.
kernel_hooks
- Michael Hale Ligh -
http://code.google.com/p/mhl-malware-scripts/
Detects IAT, EAT and inline hooks in kernel drivers instead of usermode modules (the kernel counterpart of usermode_hooks2).
orphan_threads
- Michael Hale Ligh -
http://code.google.com/p/mhl-malware-scripts/
Detects hidden system/kernel threads: system threads whose start address lies outside every module on the loaded-module list, as left behind by a rootkit driver that unloaded or unlinked itself after starting its thread.
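The checks that usermode_hooks2, kernel_hooks and orphan_threads perform all reduce to asking which loaded module owns a given address. The following is an added example, not code from the mhl-malware-scripts project: it reimplements those core checks (an import resolving outside the exporting module, a prologue patched with a jump that leaves the module, a thread whose start address falls in no module) over constructed data. The module list, IAT entries, prologue bytes and threads are made up for illustration and are not read from a memory image.

```python
"""Address-range checks behind hook and orphan-thread detection.

Added example: this is not the code of usermode_hooks2, kernel_hooks or
orphan_threads; it reimplements their core checks over constructed data
(the module list, IAT entries, prologue bytes and threads below are made up,
not read from a memory image)."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Module:
    name: str
    base: int
    size: int

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed stand-in for the loaded-module list (PsLoadedModuleList in the
# kernel, the PEB Ldr lists in a usermode process).
MODULES = [
    Module("ntoskrnl.exe", 0x804D7000, 0x1F7000),
    Module("hal.dll", 0x806CE000, 0x20300),
    Module("tcpip.sys", 0xF7A20000, 0x58000),
]


def owner(addr: int, modules: List[Module] = MODULES) -> Optional[Module]:
    """Return the module whose image range contains addr, or None."""
    for m in modules:
        if m.contains(addr):
            return m
    return None


def check_import(importer: str, exporter: str, target: int,
                 modules: List[Module] = MODULES) -> Optional[str]:
    """IAT/EAT check: an entry that should resolve into `exporter` is hooked
    if it points anywhere else. Returns a description, or None if clean."""
    m = owner(target, modules)
    if m is not None and m.name.lower() == exporter.lower():
        return None
    where = m.name if m is not None else "no loaded module"
    return f"{importer} import of {exporter} -> {target:#010x} ({where})"


def inline_hook_target(func_addr: int, code: bytes) -> Optional[int]:
    """Inline hook check (32-bit): decode an unconditional transfer placed at
    the function prologue and return its destination, or None if the first
    bytes are not `JMP rel32` (E9) or `PUSH imm32; RET` (68 .. C3)."""
    if len(code) >= 5 and code[0] == 0xE9:
        rel = struct.unpack_from("<i", code, 1)[0]
        return (func_addr + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        return struct.unpack_from("<I", code, 1)[0]
    return None


def check_inline(module: str, func_addr: int, code: bytes,
                 modules: List[Module] = MODULES) -> Optional[str]:
    """Report a prologue jump that leaves the owning module; a jump that stays
    inside it (a thunk or forwarder) is not treated as a hook."""
    target = inline_hook_target(func_addr, code)
    if target is None:
        return None
    m = owner(target, modules)
    if m is not None and m.name.lower() == module.lower():
        return None
    where = m.name if m is not None else "no loaded module"
    return f"{module}!{func_addr:#010x} jumps to {target:#010x} ({where})"


def orphan_threads(threads: List[Tuple[int, int]],
                   modules: List[Module] = MODULES) -> List[Tuple[int, int]]:
    """Orphan-thread check: (tid, start_address) pairs whose start address
    lies in no loaded module, e.g. a driver that unloaded or unlinked itself
    after starting a thread."""
    return [(tid, start) for tid, start in threads
            if owner(start, modules) is None]


if __name__ == "__main__":
    # Constructed findings: one clean import, one hooked import, a JMP-patched
    # prologue, a clean prologue (mov edi,edi; push ebp; mov ebp,esp) and a
    # thread started from unlisted memory.
    print(check_import("tcpip.sys", "ntoskrnl.exe", 0x80502000))
    print(check_import("tcpip.sys", "ntoskrnl.exe", 0xF8B03000))
    print(check_inline("ntoskrnl.exe", 0x80502000, bytes.fromhex("e9fb0f6078")))
    print(check_inline("ntoskrnl.exe", 0x80502000, bytes.fromhex("8bff558bec")))
    print(orphan_threads([(4, 0x80530000), (1234, 0xF8B03000)]))
```

The real plugins differ in where the inputs come from (the module lists, import tables and thread objects are parsed out of the image), but the decision logic is the same address-ownership test, which is also why a rootkit that unlinks its driver from the module list shows up in every one of these checks at once: its code owns nothing, so every pointer into it looks like a hook or an orphan.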
suspicious
- Jesse Kornblum -
http://jessekornblum.com
Identifies suspicious processes. This version flags any command line that runs TrueCrypt and any command line that starts with a lowercase drive letter (Windows itself launches programs with an uppercase drive letter, so a lowercase one suggests a path typed by hand).
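The two rules above are simple enough to show in full. The following is an added example, not Jesse Kornblum's plugin code: it applies the same two heuristics to a constructed list of (pid, image name, command line) records, handling the quoted-path form `"c:\...\x.exe" args` that a bare prefix match would miss. The process records are made up for illustration.

```python
"""Command-line heuristics of the `suspicious` plugin, run over constructed
process records.

Added example: this is not Jesse Kornblum's plugin code; it reproduces the
two rules described above on a made-up process list (no memory image is
read)."""
import re
from typing import List, Optional, Tuple

# Constructed (pid, image name, command line) records, not from a real image.
PROCESSES = [
    (4, "System", ""),
    (620, "svchost.exe", r"C:\WINDOWS\system32\svchost.exe -k netsvcs"),
    (1337, "TrueCrypt.exe", r'"C:\Program Files\TrueCrypt\TrueCrypt.exe" /q'),
    (2048, "nc.exe", r"c:\temp\nc.exe -l -p 4444 -e cmd.exe"),
    (2100, "cmd.exe", r'"c:\windows\system32\cmd.exe" /c whoami'),
]

# Optional opening quote, then a lowercase drive letter, a colon and a
# backslash at the very start of the command line.
LOWER_DRIVE = re.compile(r'^\s*"?[a-z]:\\')


def why_suspicious(cmdline: str) -> Optional[str]:
    """Return the rule a command line trips, or None.

    Rule 1: TrueCrypt appears anywhere in the command line (an encrypted
            container may be mounted with its key only in memory).
    Rule 2: the command line starts with a lowercase drive letter; Windows
            itself launches programs with an uppercase letter, so a lowercase
            one suggests a path typed by hand."""
    if "truecrypt" in cmdline.lower():
        return "runs TrueCrypt"
    if LOWER_DRIVE.match(cmdline):
        return "lowercase drive letter"
    return None


def suspicious(procs) -> List[Tuple[int, str, str]]:
    """Filter process records to those tripping a rule, with the reason."""
    hits = []
    for pid, name, cmdline in procs:
        reason = why_suspicious(cmdline)
        if reason:
            hits.append((pid, name, reason))
    return hits


if __name__ == "__main__":
    for pid, name, reason in suspicious(PROCESSES):
        print(f"{pid:>6}  {name:<16} {reason}")
```

Both rules are triage aids rather than proof of compromise: the drive-letter rule also fires on anything an administrator typed at a cmd.exe prompt with a lowercase path (the `cmd.exe /c whoami` record above), so hits are a list of processes to look at first, not a verdict.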
E5h Forensic Solutions
1 Princess Drive, Sawston, Cambridgeshire, CB22 3DL
08709741131
memory@e5hforensics.com