ADD: The Next Big Threat To Memory Forensics….Or Not
by Volatility | Feb 3, 2014 | anti-forensics, kernel, malware, rootkits, volatility
Similar to a rootkit, an anti-forensics tool or technique must possess two critical traits in order to be significant: 1. It must do something; 2. It must get away with it. Satisfying #1 is the easy part. You can hide a process, hide a kernel module, or in the case of...

Malware Superlatives: Most Likely to Cry s/Wolf/Crocodile/
by Volatility | Jan 21, 2014 | kernel, malware, superlatives, windows
As a young boy once learned, it's bad to cry wolf. It's not necessarily bad to cry crocodile, but the authors of Blazgel decided to do it anyway. Blazgel is a kernel rootkit that hooks various SSDT entries and has some backdoor capabilities. When I first saw it hooking...

Comparing the Dexter and BlackPOS (Target) RAM Scraping Techniques
by Volatility | Jan 16, 2014 | malware, pos, ram scaper, windows
Up until yesterday, when Brian Krebs wrote A First Look at the Target Intrusion, Malware, there weren't many details about the involved code. Now that it's out there, I thought it might be interesting to see how the "RAM scraping" feature worked...

The Art of Memory Forensics
by Volatility | Jan 7, 2014 | artofmemoryforensics, forensics, kernel, linux, macosx, malware, training, volatility, windows
By now, some of you may have realized that The Art of Memory Forensics is available for pre-order on Amazon. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. This book is written by 4 of the core Volatility developers...

2014 Malware and Memory Forensics Training Schedule Part 2
by Jamie Levy | Oct 31, 2013 | malware, training, volatility, windows
The Volatility Team would like to announce that our first public training on the East Coast for 2014 will take place in New York City on May 5th – 9th, 2014. Instructors: Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda) To request a link to the...