Volatility

UserDump Memory Forensics

Often during engagements, we run across people who collect Win32 process memory images using Microsoft’s userdump utility.  We will now be able to process those images natively within Volatility.  Shouts to Brendan Dolan-Gavitt!