MoVP 4.4 Cache Rules Everything Around Me(mory)
by Volatility | Oct 5, 2012 | forensics, kernel, movp, volatility, windows
Month of Volatility Plugins. After an exciting month of new Volatility plugins and another amazing OMFW (volatilesystems.com/default/omfw), we are in the final home stretch. It's only fitting that we take a moment to fill in some gaps and dispel some myths and...

MoVP 4.2 Taking Screenshots from Memory Dumps
by Volatility | Oct 2, 2012 | forensics, kernel, malware, movp, volatility, windows
Month of Volatility Plugins. Open Memory Forensics Workshop 2012 is currently in progress, thus today's MoVP post will be short and sweet. However, it will still introduce an exciting new capability exclusive to Volatility. One of Brendan Dolan-Gavitt's early...

MoVP 4.1 Detecting Malware with GDI Timers and Callbacks
by Volatility | Oct 1, 2012 | forensics, kernel, malware, movp, volatility, windows
Month of Volatility Plugins. Nearly a year ago, Volatility became the first (and to this date, the only) memory forensics framework to analyze kernel timers for malware analysis. The timers plugin was introduced in two of my older blog posts: ZeroAccess,...

MoVP 3.5: Analyzing the 2008 DFRWS Challenge with Volatility
by Volatility | Sep 28, 2012 | forensics, kernel, linux, movp, volatility
In this blog post I will go through analyzing the memory sample that was part of the 2008 DFRWS challenge. This challenge was focused on a Linux computer that had sensitive files transferred from it. Due to its complexity and thoroughness, the challenge is well...

MoVP 3.4: Recovering tagCLIPDATA: What's In Your Clipboard?
by Volatility | Sep 27, 2012 | forensics, kernel, malware, movp, volatility, windows
Month of Volatility Plugins. Determining what's in a computer's clipboard can be a valuable resource. If you remember from MoVP 1.1 Logon Sessions, Processes, and Images, we traced an RDP user's actions by dumping his command history and making note of the FTP...