May 9, 2008
“To all those who don’t like the license: you don’t have to use it. Just write your own code.” Shouts to guys at gpl-violations.org!
May 7, 2008
Congratulations to Matthieu Suiche on getting his presentation accepted to Black Hat. You could probably even convince him to discuss recent GPL violations! While legal recourse is being pursued, maybe this will provide extra motivation for violators to respect the legal system and the community. Matthieu is doing some interesting work and has been a great help with some of the new functionality being added to Volatility 1.3. If you are in Vegas, you should check out his presentation!
May 6, 2008
Research maxims: (1) Pay attention to details. (2) Don’t make stuff up.
Prof. Roy A. Maxion, Carnegie Mellon University, Computer Science Department.
May 5, 2008
The program for DFRWS 2008 has been posted. There are a number of papers discussing important advancements in memory forensic analysis that you won’t want to miss. In particular, I want to congratulate Andreas Schuster, Brendan Dolan-Gavitt, and Dr. Michael Cohen for getting their papers accepted. The great work these gentlemen are doing is helping to make Volatility the most advanced memory forensics framework. It’s encouraging to see people who are actually contributing to the open source community be rewarded for their hard work! Stay tuned for more exciting DFRWS announcements!
May 1, 2008
But it’s just about impossible to prevent secrets from being written to memory—presumably, your program needs access to the data at some point.
Chess, Brian and Jacob West. “Secure Programming with Static Analysis”. Addison-Wesley. 2007.
April 30, 2008
For any of our Italian readers, PTK now includes support for Volatility. Once PTK is released, Volatility users will have the option of using PTK or PyFlag. Thanks for the email, Michele!
2PM
You would hope that those same forensics companies claiming to help people enforce the law would at least respect the legal system. There is truly an amazing story going on behind the scenes. I want to give my respect to all those people that are attempting to “empower the community” as opposed to “exploit the community”!
April 28, 2008
This is a very interesting post by Andreas Schuster. You should definitely take some time to check it out! I’m sure we will see a lot more of this activity with respect to volatile memory forensics software, especially as vendors are desperately trying to catch up to the research community! Nice work, Andreas and others ;)!