August 18, 2008
I also had the pleasure of hanging out with Suiche in Vegas! Suiche, great job with your presentation! If you have some time, please help test the latest releases of his tools! Feedback drives development. Matthieu was also a big help in getting hibernation file support integrated into Volatility 1.3!
1PM
Brian Krebs, Security Fix, has an interesting Q&A with the FBI’s Cyber Division Chief, James Finch. I had the pleasure of meeting Mr. Finch in Vegas and he is definitely a great guy!
10AM
Brendan Dolan-Gavitt released a new plugin for Volatility 1.3 called VolShell. He also provided the notes from the presentation he gave at OMFW demonstrating how you can use VolShell for interactive memory exploration. Great work Brendan!
10AM
Richard Bejtlich recently posted his thoughts on OMFW and DFRWS. Richard, I’m glad you could make it and thanks for the feedback!
August 16, 2008
This is a link to an interesting presentation given by Wietse Venema at DFRWS 2005 discussing memory forensics. Thanks for the link Eoghan!
5PM
In this post, Brendan describes a Volatility 1.3 plugin that can be used to link processes to their associated user accounts.
5PM
You may also be interested in checking out the presentation I gave at OMFW discussing the new memory forensics features of Volatility 1.3. Brendan also discusses the motivation behind some of these features on his blog.
August 13, 2008
Volatility helps to win DFRWS Challenge & Rodeo
Memory forensics was an important theme at this year's DFRWS. We are very excited to relate that Volatility was used to help WIN both the DFRWS Forensic Challenge and the DFRWS Forensic Rodeo. While I had to leave early and was not able to compete in the Forensics Rodeo, Michael Cohen led a team that used Volatility to help solve the Rodeo. This is even more impressive considering the team defeated another participant who was the lead developer of a commercial product! We are glad to see that Volatility is helping to “emPOWER investigators”.