Extract forensic timeline from memory dumps with AutoTimeliner
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
Results from the 2018 Volatility Contests
Results from the 2018 Volatility Contests have been published. We congratulate Aliz Hammond and Team Decepticon with the fir…
Acquire Volatile Memory from FreeBSD with FreeBmAM
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn …
Memtriage v0.2-alpha Released
0.2-alpha version of memtriage has been released. This tool allows you to quickly query a Windows machine for RAM artifacts.…
winmem_decompress: Extract Сompressed Memory Pages from Page-Aligned Data
Maxim Suhanov presented winmem_decompress – a program that tries to extract compressed memory pages from page-aligned …
Memory forensics and the Windows Subsystem for Linux
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Taking Memory Forensics To The Next Level
Here is a talk on memory forensics by Jamie Levy from Lockdown 2018: …
Memtriage: a tool for Windows memory live analysis
Memtriage allows you to quickly query a live Windows machine for RAM artifacts. This tool utilizes the Winpmem drivers to ac…
2018 Volatility Analysis Contest
Volatility Foundation has announced another contest – Volatility Analysis Contest. All you need is to choose a sophist…
2018 Volatility Plugin Contest
Volatility Foundation has announced this year’s Plugin Contest. All you need is to create an innovative and useful ext…
