Volatility 2.4 at Blackhat Arsenal – Tracking Mac OS X User Activity
by Volatility | Aug 21, 2014 | arsenal, blackhat, forensics, macosx, volatility
This demo shows how to track Mac OS X user activity by examining artifacts in physical memory with Volatility. The video is narrated by Apple’s text-to-speech and you can find the actual text on the YouTube page. The live/in-person demo was given at...
New Volatility 2.4 Cheat Sheet with Linux, Mac, and RTFM
by Volatility | Aug 18, 2014 | artofmemoryforensics, linux, macosx, training, volatility, windows
Our Windows Malware and Memory Forensics Training class is intense and rigorous, because it’s designed to reflect real-world investigations. When you have a limited amount of time and you’re being pressured for reliable answers – every minute counts....
New Paper: In Lieu of Swap: Analyzing Compressed RAM in Mac OS X and Linux
by Volatility | Aug 14, 2014 | linux, macosx, volatility
A research paper (slides here: dfrws.org/2014/proceedings/presentations/DFRWS2014-p1.pdf) that I worked on with Golden G. Richard was recently published at DFRWS 2014 (dfrws.org/2014/program.shtml) and received the Best Paper award! The paper, In Lieu of Swap:...
Presenting Volatility Foundation Volatility Framework 2.4
by Volatility | Aug 13, 2014 | artofmemoryforensics, blackhat, kernel, linux, macosx, malware, truecrypt, volatility, win8
The release of this new Volatility version coincides with the publication of The Art of Memory Forensics. It adds support for Windows 8, 8.1, 2012, and 2012 R2 memory dumps, Mac OS X Mavericks (up to 10.9.4), and Linux kernels up to 3.16. New plugins include the...