Memtriage v0.2-alpha Released
0.2-alpha version of memtriage has been released. This tool allows you to quickly query a Windows machine for RAM artifacts.…
winmem_decompress: Extract Сompressed Memory Pages from Page-Aligned Data
Maxim Suhanov presented winmem_decompress – a program that tries to extract compressed memory pages from page-aligned …
Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Taking Memory Forensics To The Next Level
Here is a talk on memory forensics by Jamie Levy from Lockdown 2018: …
Memtriage: a tool for Windows memory live analysis
Memtriage allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to ac…
2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
2018 Volatility Plugin Contest
Volatility Foundation has announced this year’s Plugin Contest. All you need is to create an innovative and useful ext…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
44 New OS X Profiles Were Just Added to Volatility
If you are doing macOS memory forensics often enough, we have great news for you – 44 new OS X profiles have been just…
Memory Forensics & Tor
Matt from bit_of_hex has published an interesting post about finding traces of Tor Browser usage in memory images with Volat…
