The Secret to 64-bit Windows 8 and 2012 Raw Memory Dump Forensics
by Volatility | Jan 13, 2014 | forensics, kernel, omfw, training, volatility, win8, windows
Those of you who attended OMFW 2013 received a talk on Windows 8 and Server 2012 memory forensics with Volatility. One of the interesting aspects of this new operating system, which includes 8.1 and 2012 R2, is that the kernel debugger data block...
What’s Happening in the World of Volatility?
by Volatility | May 13, 2013 | contest, forensics, malware, movp, omfw, training, volatility
Volatility is not just an advanced open-source memory forensics framework for Windows, Linux, Mac, and Android. It's a community, an attitude, a lifestyle, and every day it grows in popularity, maturity, and integrity. This post will summarize some of the upcoming...
OMFW 2012: Mining the PFN Database for Malware Artifacts
by Volatility | Oct 19, 2012 | forensics, kernel, knttools, malware, omfw, windows
There are few people in the world who know more about physical memory acquisition and analysis than Mr. Garner, President of GMG Systems, Inc. and author of KnTTools (http://www.gmgsystemsinc.com/knttools/). At a rare conference appearance, George discussed how he...
OMFW 2012: The Analysis of Process Token Privileges
by Volatility | Oct 19, 2012 | malware, omfw, volatility, windows
Reverse engineering Windows systems nowadays involves looking at static data, such as executables, symbols, and PDBs, and/or dynamic data when debugging with a tool like WinDbg. Determining data structures and the meaning of their content has proven to be time consuming,...
MoVP for Volatility 2.2 and OMFW 2012 Wrap-Up
by Volatility | Oct 12, 2012 | forensics, linux, movp, omfw, volatility, windows
The Month of Volatility Plugins and Open Memory Forensics Workshop 2012 have now come to an end. Volatility 2.2 has been released. We hope you enjoyed spending time with us learning about the new features and innovative research that’s being built into the...