Solving the GrrCon Network Forensics Challenge with Volatility
by Volatility | Oct 11, 2012 | forensics, grrcon, malware, volatility, windows
In this post, we will walk through the process that MHL (@iMHLv2) and I (@attrc) went through to solve the @GrrCon network forensics challenge. Although participants were provided a memory sample, packet capture, and file system timeline, as a personal challenge our...

Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
by Volatility | Oct 10, 2012 | kernel, malware, movp, volatility
Month of Volatility Plugins. In this blog post I will analyze the Phalanx2 rootkit using both Volatility and traditional malware analysis techniques. Phalanx2: Phalanx2 (P2) is the latest version of a private rootkit, whose original source was leaked to...

OMFW 2012: Reconstructing the MBR and MFT from Memory
by Jamie Levy | Oct 9, 2012 | forensics, omfw, volatility, windows
This presentation introduced two new Volatility plugins: mbrparser and mftparser, which will be released in Volatility 2.3. These plugins empower the investigator to explore possible MBR infections or, in the case of mftparser, files that are in use on the system....

OMFW 2012: Malware In the Windows GUI Subsystem
by Volatility | Oct 8, 2012 | forensics, kernel, malware, omfw, volatility, windows
This presentation introduced Volatility’s new win32k suite – a set of plugins and APIs that make it possible to perform malware analysis and memory forensics based on artifacts in the Windows GUI subsystem. This subsystem plays a part in nearly everything...