PlugX: Memory Forensics Lifecycle with Volatility
by Volatility | Nov 6, 2015 | anti-forensics, code injection, contest, impscan, malfind, osdfcon, plugx, rootkits, volatility
At OSDFCon last week, we discussed a case study showing how we identified manipulated memory artifacts in an infected environment. We were then able to rapidly introduce new capabilities to Volatility that could be used proactively in other environments. The...

Announcing the 2014 Volatility Plugin Contest Results!
by Volatility | Oct 29, 2014 | contest, forensics, macosx, malware, rootkits, training, volatility, volatility foundation, windows
The competition this year was fierce! We received a total of nearly 30 plugins to the contest. Ranking the submissions was one of the hardest things we’ve had to do. Each plugin is unique in its own way and introduces a capability to open source memory forensics that...

Volatility 2.4 at Blackhat Arsenal – Reverse Engineering Rootkits
by Volatility | Aug 27, 2014 | arsenal, blackhat, kernel, rootkits, volatility
This video demonstrates how you can leverage Volatility and memory forensics to detect kernel rootkits, assist with reverse engineering, and use the results for developing additional indicators. The video is narrated by Apple’s text to speech and you can find...

ADD: The Next Big Threat To Memory Forensics….Or Not
by Volatility | Feb 3, 2014 | anti-forensics, kernel, malware, rootkits, volatility
Similar to a rootkit, an anti-forensics tool or technique must possess two critical traits in order to be significant:
1. It must do something
2. It must get away with it
Satisfying #1 is the easy part. You can hide a process, hide a kernel module, or in the case of...