Presenting Volatility Foundation Volatility Framework 2.4
by Volatility | Aug 13, 2014 | artofmemoryforensics, blackhat, kernel, linux, macosx, malware, truecrypt, volatility, win8
The release of this new Volatility version coincides with the publication of The Art of Memory Forensics. It adds support for Windows 8, 8.1, 2012, and 2012 R2 memory dumps, Mac OS X Mavericks (up to 10.9.4), and Linux kernels up to 3.16. New plugins include the...Volatility at Black Hat USA & DFRWS 2014
by Volatility | Jul 7, 2014 | artofmemoryforensics, blackhat, forensics, truecrypt, volatility, win8
Due to another year of open research and giving back to the open source community, Volatility will have a strong presence at both Black Hat USA and DFRWS 2014. This includes presentations, a book signing, and even a party! At Black Hat, the core Volatility Developers...TrueCrypt Master Key Extraction And Volume Identification
by Volatility | Jan 14, 2014 | forensics, training, truecrypt, volatility, win8
One of the disclosed pitfalls of TrueCrypt disk encryption is that the master keys must remain in RAM in order to provide fully transparent encryption. In other words, if master keys were allowed to be flushed to disk, the design would suffer in terms of security...The Secret to 64-bit Windows 8 and 2012 Raw Memory Dump Forensics
by Volatility | Jan 13, 2014 | forensics, kernel, omfw, training, volatility, win8, windows
Those of you who attended OMFW 2013 received a talk on Windows 8 and Server 2012 memory forensics with Volatility. One of the interesting aspects of this new operating system, which includes 8.1 and 2012 R2, is that the kernel debugger data block...
You must be logged in to post a comment.