Volatility Updates Summer 2015
by Volatility | Aug 25, 2015 | arsenal, blackhat, linux, macosx, training, volatility foundation, windows
Summer 2015 has been quite a busy time for the memory forensics community. We wanted to write a quick update to talk about some recent events and research as well as upcoming news. Conferences Black Hat Vegas 2015 We wanted to again thank everyone who came out and...
Recovering TeamViewer (and other) Credentials from RAM with EditBox
by Volatility | Aug 1, 2015 | contest, forensics, passwords, volatility, windows
I recently stumbled upon the TeamViewer-dumper-in-CPP project, which shows just how easy it is to recover TeamViewer IDs, passwords, and account information from a running TV instance by enumerating child windows (on a live machine). The method is based on sending a...
Volshell Quickie: The Case of the Missing Unicode Characters
by Jamie Levy | Jun 3, 2015 | quickie, volshell, windows
The other day someone reached out to me because they had a case that involved files with Arabic names. Unfortunately the filenames were only question marks when using filescan or handles, so I set out to figure out why. In order to figure out why, I created a...
Announcing the 2014 Volatility Plugin Contest Results!
by Volatility | Oct 29, 2014 | contest, forensics, macosx, malware, rootkits, training, volatility, volatility foundation, windows
The competition this year was fierce! We received a total of nearly 30 plugins to the contest. Ranking the submissions was one of the hardest things we’ve had to do. Each plugin is unique in its own way and introduces a capability to open source memory forensics that...
New Volatility 2.4 Cheat Sheet with Linux, Mac, and RTFM
by Volatility | Aug 18, 2014 | artofmemoryforensics, linux, macosx, training, volatility, windows
Our Windows Malware and Memory Forensics Training class is intense and rigorous, because it's designed to reflect real world investigations. When you have a limited amount of time and you’re being pressured for reliable answers – every minute counts....