OMFW: Linux Memory Analysis with Volatility
As many of you know, OMFW is rapidly approaching. Based on the number of registration requests we are receiving, it seems the community is just as excited as we are. If you are still considering attending, I would suggest sending an email to request a seat as soon as possible, since only a couple of seats remain. We are planning to send out final reservation confirmations this weekend.
The next talk we would like to highlight is “Linux Memory Analysis with Volatility”, which will be presented by Andrew Case. In the last couple of years, Andrew has published a lot of exciting research in the area of Linux memory analysis and has been leading the development effort to add Linux support back into Volatility. If we are lucky, we may even convince him to talk about some of the work he has been doing with Android memory analysis! If you have seen any of the talks he has given at Black Hat or SOURCE within the past year, you know Andrew is not afraid to dive deep into the technical details of the Linux kernel:
Within the last year, a number of features have been added to Volatility to provide robust Linux memory analysis capabilities. This includes recovery of common information such as running processes, open files, memory maps, networking information, kernel modules, etc. Recovery of historical information is also implemented through analysis of kmem_cache structures. Finally, detection of a wide range of kernel mode rootkits, including those that only modify dynamic data, is incorporated into the analysis modules. During this presentation, we will discuss these wide ranging capabilities and how they can be used to handle a variety of investigative scenarios.