Automated Hunting of Memory Resident Malware at Scale
Memhunter is an endpoint sensor tool that is specialized in detecing resident malware, improving the threat hunter analysis …
Extract Configuration Data of Known Malware with MalConfScan
JPCERT has released a Volatility plugin called MalConfScan. The plugin can be used to extract configuration data of popular …
Characteristics and detectability of Windows auto-start extensibility points in memory forensics
Computer forensicsĀ is performed during a securityĀ incident response processĀ on disk devices or on the memory of theĀ compromi…
volatility-wnf: Browse and dump Windows Notification Facilities
This Volatility plugin is based on work of Alex Ionescu and Gabrielle Viala. https://blog.quarkslab.com/playing-with-the-win…
Extracting Activity History from PowerShell Process Dumps
Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, esp…
Comae Stardust – New Features
Matt Suiche has recorded a presentation on the new features of Comae Stardust, such as process memory dump support, YARA sca…
Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created theĀ AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
Results from the 2018 Volatility Contests
Results from the 2018 Volatility Contests have been published. We congratulateĀ Aliz Hammond andĀ Team Decepticon with the fir…
Acquire Volatile Memory from FreeBSD with FreeBmAM
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn …
Memtriage v0.2-alpha Released
0.2-alpha version of memtriage has been released. This tool allows you to quickly query a Windows machine for RAM artifacts.…
