The Secret to 64-bit Windows 8 and 2012 Raw Memory Dump Forensics
by Volatility | Jan 13, 2014 | forensics, kernel, omfw, training, volatility, win8, windows
Those of you who attended OMFW 2013 received a talk on Windows 8 and Server 2012 memory forensics with Volatility. One of the interesting aspects of this new operating system, which includes 8.1 and 2012 R2, is that the kernel debugger data block...
The Art of Memory Forensics
by Volatility | Jan 7, 2014 | artofmemoryforensics, forensics, kernel, linux, macosx, malware, training, volatility, windows
By now, some of you may have realized that The Art of Memory Forensics is available for pre-order on Amazon. The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. This book is written by 4 of the core Volatility developers...
2014 Malware and Memory Forensics Training Schedule Part 2
by Jamie Levy | Oct 31, 2013 | malware, training, volatility, windows
The Volatility Team would like to announce that our first public training on the East Coast for 2014 will take place in New York City on May 5th – 9th, 2014. Instructors: Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda) To request a link to the...
Volatility 2.3 Released! (Official Mac OS X and Android Support)
by Volatility | Oct 25, 2013 | android, forensics, macosx, volatility
The Volatility Foundation is thrilled to announce the official release of Volatility 2.3! While the main goal of this release was Mac OS X (x86, x64) and Android Arm support, we also included a number of other exciting new capabilities! Highlights of this release...
Sampling RAM Across the (EnCase) Enterprise
by Jamie Levy | Oct 10, 2013 | encase, sampling, volatility, windows
One thing that people may or may not realize is that you can mount memory with EnCase and use Volatility directly against the mounted memory “file”. This can be especially useful for checking your enterprise for infected machines in order to narrow your...