OMFW 2012: The Analysis of Process Token Privileges
by Volatility | Oct 19, 2012 | malware, omfw, volatility, windows
Reverse engineering Windows systems nowadays involves looking at static data, such as executables, symbols, pdbs, and/or dynamic data when debugging with a tool like windbg. Determining data structures and the meaning of their content has proven to be time consuming,...

Reverse Engineering Poison Ivy’s Injected Code Fragments
by Volatility | Oct 16, 2012 | code injection, distorm, forensics, grrcon, malware, poison ivy, volatility, windows
This is an addendum to GrrCon Network Forensics Challenge with Volatility. In the initial post we covered the basics – the what, the when, and the how. We found strings in memory, such as the mutex name, the registry Run key, and the svchosts.exe file name; then...

MoVP for Volatility 2.2 and OMFW 2012 Wrap-Up
by Volatility | Oct 12, 2012 | forensics, linux, movp, omfw, volatility, windows
The Month of Volatility Plugins and Open Memory Forensics Workshop 2012 have now come to an end. Volatility 2.2 has been released. We hope you enjoyed spending time with us learning about the new features and innovative research that’s being built into the...

OMFW 2012: Datalore: Android Memory Analysis
by Volatility | Oct 12, 2012 | android, forensics, kernel, linux, omfw, volatility
This presentation went over the Android specific analysis capabilities of Volatility as well as showed how to use LiME to capture physical memory from Android devices. This functionality will be included in the 2.3 Volatility release. Author/Presenter: Joe Sylve /...