Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
Scanning Memory with Yara
Memory analysis has been successfully utilized to detect malware in many high profile cases. The use of signature scanning t…
Gaslight: A comprehensive fuzzing architecture for memory forensics frameworks
Memory forensics is now a standard component of digital forensic investigations and incident response handling, since memory…
SANS Published New Memory Forensics Analysis Poster
Good news from SANS – they have published NEW Memory Forensics Analysis Poster! You can get your digital copy of the p…
How to Recover Event Logs from a Windows Memory Image
Another interesting article has been posted by Andrea Fortuna. This time he is writing about event logs recovery from a Wind…
Mac RAM Imaging and Analysis
BlackBag Training Team has published a post about Mac memory imaging and analysis. They start from different ways of capturi…
Malware Persistence Techniques
Andrea Fortuna has posted a very useful article about the most common malware persistence techniques. You will learn about t…
Windows Application Compatibility Forensics
Richard Davis has posted another video as a part of his “Introduction to Windows Forensics”, which shows three a…
An Introduction to VolUtility
Basil Alawi S.Taher has posted a nice overview of how to start using VolUtility – a web frontend for Volatility framew…
Volatility Memory Analysis: Building Linux Kernel Profiles
Joshua James has published a video-tutorial on how to build Linux kernel profiles for memory forensics with Volatility. He n…
