volatility-wnf: Browse and dump Windows Notification Facilities
This Volatility plugin is based on the work of Alex Ionescu and Gabrielle Viala. https://blog.quarkslab.com/playing-with-the-win…
Lee Holmes has posted about how to extract activity history from PowerShell process dumps. Such dumps may be gold mines, esp…
Matt Suiche has recorded a presentation on the new features of Comae Stardust, such as process memory dump support, YARA sca…
Andrea Fortuna created the AutoTimeliner, a tool that “automagically extract forensic timeline from volatile memory du…
Results from the 2018 Volatility Contests have been published. We congratulate Aliz Hammond and Team Decepticon on the fir…
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn …
0.2-alpha version of memtriage has been released. This tool allows you to quickly query a Windows machine for RAM artifacts.…
Maxim Suhanov presented winmem_decompress – a program that tries to extract compressed memory pages from page-aligned …
The Windows Subsystem for Linux (WSL) was first included in the Anniversary Update of Microsoft’s Windows 10 operating…
Here is a talk on memory forensics by Jamie Levy from Lockdown 2018: …