Comparing the Dexter and BlackPOS (Target) RAM Scraping Techniques
by Volatility | Jan 16, 2014 | malware, pos, ram scaper, windows
Up until yesterday, when Brian Krebs wrote A First Look at the Target Intrusion, Malware, there weren’t many details about the involved code. Now that it’s out there, I thought it might be interesting to see how the “RAM scraping” feature worked...
TrueCrypt Master Key Extraction And Volume Identification
by Volatility | Jan 14, 2014 | forensics, training, truecrypt, volatility, win8
One of the disclosed pitfalls of TrueCrypt disk encryption is that the master keys must remain in RAM in order to provide fully transparent encryption. In other words, if master keys were allowed to be flushed to disk, the design would suffer in terms of security...
The Secret to 64-bit Windows 8 and 2012 Raw Memory Dump Forensics
by Volatility | Jan 13, 2014 | forensics, kernel, omfw, training, volatility, win8, windows
Those of you who attended OMFW 2013 received a talk on Windows 8 and Server 2012 memory forensics with Volatility. One of the interesting aspects of this new operating system, which includes 8.1 and 2012 R2, is that the kernel debugger data block...
The Art of Memory Forensics
by Volatility | Jan 7, 2014 | artofmemoryforensics, forensics, kernel, linux, macosx, malware, training, volatility, windows
By now, some of you may have realized that The Art of Memory Forensics is available for pre-order on Amazon. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. This book is written by 4 of the core Volatility developers...