
Volatility

Advanced Memory Forensics: Analysis Techniques

6630 words · 32 mins
This article explores advanced memory forensics techniques for detecting malicious activity in memory, including process timelining, high-low level analysis, walking the VAD tree, and detecting rogue processes, kernel-level rootkits, DLL hijacking, process hollowing, and sophisticated persistence mechanisms.

Anti-Forensics: Knowing What They See (Memory Analysis)

587 words · 3 mins
To hide in memory, you must study memory. This guide flips the script on forensics, using Volatility to understand how Blue Teams hunt for your beacons.