• GitHub
  • Contact
The Volatility Foundation - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community
  • The Volatility Framework
  • Training
  • Events
  • FAQ
  • Contest
  • About
  • Blog
Select Page

The Art of Memory Forensics

by Volatility | Jan 7, 2014 | artofmemoryforensics, forensics, kernel, linux, macosx, malware, training, volatility, windows

By now, some of you may have realized that The Art of Memory Forensics is available for pre-order on Amazon. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory This book is written by 4 of the core Volatility developers...

MOVP II – 4.5 – Mac Volatility vs the Rubilyn Kernel Rootkit

by Volatility | Jun 11, 2013 | forensics, kernel, macosx, malware, movp, volatility

In our final Month of Volatility Plugins post, we are going to demonstrate a number of plugins that can be used to detect kernel level OS X rootkits. To show these capabilities I am going to analyze a system that is infected with the rubilyn rootkit. I want to thank...

MOVP II – 4.4 – What’s in Your Mac OSX Kernel Memory?

by Volatility | Jun 9, 2013 | forensics, kernel, macosx, movp, volatility

Today’s post will discuss a number of plugins that can retrieve forensically interesting information from within the kernel. Keep in mind, you can also use mac_yarascan to search kernel memory with yara signatures and you can use mac_volshell as an interactive...

MoVP II – 3.5 – Utilizing the kmem_cache for Android Memory Forensics

by Volatility | Jun 4, 2013 | android, forensics, kernel, linux, malware, movp, volatility

This post will discuss utilizing plugins that leverage the kmem_cache in order to perform deep memory forensics of Android devices. In previous Linux posts, we have briefly mentioned these plugins, but a full walk through has not been done. Also, as we will see, these...

MoVP II – 3.2 – Linux/Android Memory Forensics with Python and Yara

by Volatility | May 30, 2013 | android, forensics, kernel, linux, movp, volatility

In this post we will describe the Linux volshell and yarascan plugins. In previous releases of Volatility, these plugins only supported Windows samples, but starting with 2.3 you can interactively explore your Linux memory dumps (from a Python shell) or scan process...

MoVP II – 2.5 – New and Improved Windows Plugins

by Volatility | May 28, 2013 | forensics, kernel, malware, movp, volatility, windows

The Volatility 2.3 release will include several new and improved Windows plugins. This post will summarize their purpose, point you to additional information if they’ve been mentioned in previous blog posts, and show example usage scenarios for the...
« Older Entries
Next Entries »

Volatility Blog Archive

2026

  • + March (1)

2025

  • + July (1)
  • + May (2)
  • + March (1)

2024

  • + August (1)
  • + July (1)
  • + March (1)

2023

  • + August (1)
  • + July (1)
  • + June (1)
  • + March (1)
  • + February (1)
  • + January (1)

2022

  • + July (1)
  • + February (1)
  • + January (1)

2021

  • + October (1)
  • + August (1)
  • + May (1)
  • + January (1)

2020

  • + November (1)
  • + May (2)

2019

  • + November (1)
  • + October (2)
  • + July (1)
  • + June (1)

2018

  • + November (2)
  • + May (1)
  • + February (1)

2017

  • + November (1)
  • + June (1)
  • + April (1)

2016

  • + December (2)
  • + September (1)
  • + August (2)
  • + July (1)
  • + April (3)

2015

  • + November (2)
  • + October (1)
  • + August (2)
  • + July (2)
  • + June (1)
  • + May (1)
  • + March (1)
  • + February (1)
  • + January (1)

2014

  • + December (1)
  • + October (3)
  • + September (5)
  • + August (6)
  • + July (2)
  • + May (1)
  • + April (2)
  • + February (2)
  • + January (5)

2013

  • + October (3)
  • + September (2)
  • + August (1)
  • + June (9)
  • + May (15)
  • + April (2)
  • + March (2)
  • + February (1)
  • + January (4)

2012

  • + December (2)
  • + November (1)
  • + October (14)
  • + September (19)
bluesky logo
    bluesky logo
    bluesky logo
    bluesky logo
    bluesky logo

    All Content © The Volatility Foundation, a 501(c)(3) Nonprofit Organization.

    All Content © The Volatility Foundation, a 501(c)(3) Nonprofit Organization.

     

    Loading Comments...
     

    You must be logged in to post a comment.