Windows Memory Forensics
Tools Used: Volatility, OSINT (VirusTotal)
June 2022
- Performed Windows memory forensics with Volatility (WinXP SP2 x86): profiled the image, enumerated processes/DLLs/handles, and maintained full chain of custody
- Identified and validated hxdef rootkit and Poison Ivy RAT; extracted artifacts using malfind, dlldump, and strings to support attribution
- Reconstructed an attack timeline by correlating PIDs, executables, network activity (using cryptcat/netcat); delivered a concise, screenshot-backed incident report with actions