The Perfect Combination of IR, Malware, Forensics, and Winternals
by Volatility | Jun 20, 2013 | forensics, malware, training, volatility, windows
Our Windows Malware and Memory Forensics training course has been described as the “…perfect combination of incident response, malware analysis, memory forensics, and Windows internals.” As you can see below, we do in fact disseminate quite a bit of...

MOVP II – 4.5 – Mac Volatility vs the Rubilyn Kernel Rootkit
by Volatility | Jun 11, 2013 | forensics, kernel, macosx, malware, movp, volatility
In our final Month of Volatility Plugins post, we are going to demonstrate a number of plugins that can be used to detect kernel level OS X rootkits. To show these capabilities I am going to analyze a system that is infected with the rubilyn rootkit. I want to thank...

MOVP II – 4.4 – What’s in Your Mac OSX Kernel Memory?
by Volatility | Jun 9, 2013 | forensics, kernel, macosx, movp, volatility
Today’s post will discuss a number of plugins that can retrieve forensically interesting information from within the kernel. Keep in mind, you can also use mac_yarascan to search kernel memory with yara signatures and you can use mac_volshell as an interactive...

MoVP II – 4.3 – Recovering Mac OS X Network Information from Memory
by Volatility | Jun 7, 2013 | forensics, macosx, movp, volatility
The 2.3 release of Volatility will contain four plugins that are capable of recovering networking information from Mac samples. Combined, these plugins allow for deep inspection of system network activity and can be used in conjunction with network forensics. mac_arp...