• GitHub
  • Contact
The Volatility Foundation - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community
  • The Volatility Framework
  • Training
  • Events
  • FAQ
  • Contest
  • About
  • Blog
Select Page

MoVP II – 2.4 – Reconstructing Master File Table (MFT) Entries

by Jamie Levy | May 24, 2013 | forensics, grrcon, movp, timelines, volatility, windows

Today’s blogpost will cover the new mftparser plugin for Volatility. As we demonstrated in the GRRCon Challenge writeup, this plugin can come in quite handy in an investigation and also played a small part in the last MoVP blogpost. Why This Plugin Was Created...

MoVP II – 2.3 – Creating Timelines with Volatility

by Jamie Levy | May 23, 2013 | forensics, grrcon, malware, movp, timelines, windows

A common computer forensic investigative methodology is creating timelines.  Timelines help establish events that took place on the machine prior to investigation.  There are various artifacts in Windows memory that can be used to construct a timeline....

Reverse Engineering Poison Ivy’s Injected Code Fragments

by Volatility | Oct 16, 2012 | code injection, distorm, forensics, grrcon, malware, poison ivy, volatility, windows

This is an addendum to GrrCon Network Forensics Challenge with Volatility. In the initial post we covered the basics – the what, the when, and the how. We found strings in memory, such as the mutex name, the registry Run key, and the svchosts.exe file name; then...

Solving the GrrCon Network Forensics Challenge with Volatility

by Volatility | Oct 11, 2012 | forensics, grrcon, malware, volatility, windows

In this post, we will walk through the process that MHL (@iMHLv2) and I (@attrc) went through to solve the @GrrCon network forensics challenge. Although participants were provided a memory sample, packet capture, and file system timeline, as a personal challenge our...

Volatility Blog Archive

2025

  • + July (1)
  • + May (2)
  • + March (1)

2024

  • + August (1)
  • + July (1)
  • + March (1)

2023

  • + August (1)
  • + July (1)
  • + June (1)
  • + March (1)
  • + February (1)
  • + January (1)

2022

  • + July (1)
  • + February (1)
  • + January (1)

2021

  • + October (1)
  • + August (1)
  • + May (1)
  • + January (1)

2020

  • + November (1)
  • + May (2)

2019

  • + November (1)
  • + October (2)
  • + July (1)
  • + June (1)

2018

  • + November (2)
  • + May (1)
  • + February (1)

2017

  • + November (1)
  • + June (1)
  • + April (1)

2016

  • + December (2)
  • + September (1)
  • + August (2)
  • + July (1)
  • + April (3)

2015

  • + November (2)
  • + October (1)
  • + August (2)
  • + July (2)
  • + June (1)
  • + May (1)
  • + March (1)
  • + February (1)
  • + January (1)

2014

  • + December (1)
  • + October (3)
  • + September (5)
  • + August (6)
  • + July (2)
  • + May (1)
  • + April (2)
  • + February (2)
  • + January (5)

2013

  • + October (3)
  • + September (2)
  • + August (1)
  • + June (9)
  • + May (15)
  • + April (2)
  • + March (2)
  • + February (1)
  • + January (4)

2012

  • + December (2)
  • + November (1)
  • + October (14)
  • + September (19)
bluesky logo
    bluesky logo
    bluesky logo
    bluesky logo
    bluesky logo

    All Content © The Volatility Foundation, a 501(c)(3) Nonprofit Organization.

    All Content © The Volatility Foundation, a 501(c)(3) Nonprofit Organization.

     

    Loading Comments...
     

    You must be logged in to post a comment.