Memtriage: a tool for Windows memory live analysis
Memtriage allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to ac…
2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
2018 Volatility Plugin Contest
Volatility Foundation has announced this year’s Plugin Contest. All you need is to create an innovative and useful ext…
Windows Process Genealogy
As an incident responder, one of the things you need to be able to quickly do when looking at a list of processes, is immedi…
44 New OS X Profiles Were Just Added to Volatility
If you are doing macOS memory forensics often enough, we have great news for you – 44 new OS X profiles have been just…
Memory Forensics & Tor
Matt from bit_of_hex has published an interesting post about finding traces of Tor Browser usage in memory images with Volat…
Volatility: Proxies and Network Traffic
Marcus Bakker from MB Secure has published a tutorial on how to catch malware beaconing from an infrastructure where a non-t…
Finding Metasploit’s Meterpreter Traces with Memory Forensics
Metasploit Framework is very popular not only among pentesters, but also quite often used by real adversaries. So why memory…
Volatility Profiles and Windows 10
As of the recording of this video, the current version of Volatility is 2.6; however, even if you have this version installe…
The Power of Logging in Incident Response
In this post Brad Garnett writes about the importance of logging in incident response. Brad mentions such important digital …
