Volatility 2.4 at Blackhat Arsenal – Tracking Mac OS X User Activity
by Volatility | Aug 21, 2014 | arsenal, blackhat, forensics, macosx, volatility
This demo shows how to track Mac OS X user activity by examining artifacts in physical memory with Volatility. The video is narrated by Apple’s text to speech and you can find the actual text on the Youtube page. The live/in-person demo was given at...Volatility at Black Hat USA & DFRWS 2014
by Volatility | Jul 7, 2014 | artofmemoryforensics, blackhat, forensics, truecrypt, volatility, win8
Due to another year of open research and giving back to the open source community, Volatility will have a strong presence at both Black Hat USA and DFRWS 2014. This includes presentations, a book signing, and even a party! At Black Hat, the core Volatility Developers...Volatility Memory Forensics and Malware Analysis Training in Australia!
by Volatility | Apr 9, 2014 | forensics, malware, training, volatility, windows
We are happy to announce that our popular Memory Forensics and Malware Analysis Training course is going to be held in Canberra, Australia in August. This is our first offering in Australia, and we are already extremely excited to have a great training session full of...TrueCrypt Master Key Extraction And Volume Identification
by Volatility | Jan 14, 2014 | forensics, training, truecrypt, volatility, win8
One of the disclosed pitfalls of TrueCrypt disk encryption is that the master keys must remain in RAM in order to provide fully transparent encryption. In other words, if master keys were allowed to be flushed to disk, the design would suffer in terms of security...The Secret to 64-bit Windows 8 and 2012 Raw Memory Dump Forensics
by Volatility | Jan 13, 2014 | forensics, kernel, omfw, training, volatility, win8, windows
Those of you who attended OMFW 2013 received a talk on Windows 8 and Server 2012 memory forensics with Volatility. One of the interesting aspects of this new operating system, which includes 8.1 and 2012 R2, is that the kernel debugger data block...
You must be logged in to post a comment.