[GTALUG] ECFS - memory analysis of a process snapshot.

Russell Reiter rreiter91 at gmail.com
Sat Mar 12 05:57:33 UTC 2016


Here's an interesting video from Defcon 23 regarding ECFS for finer-grained
ELF tracking of hijacks and other problem code. It can recover
full truncated text segments and reconstruct original section headers
from core dumps, among other things.

They've dubbed it process necromancy. I guess this comes from its
ability to snapshot a process without killing it and even reanimate a
process from a snapshot.

https://www.youtube.com/watch?v=fCJJnJ84MSE
