Results from the 2018 Volatility Contests
Results from the 2018 Volatility Contests have been published. We congratulate Aliz Hammond and Team Decepticon wi…
Acquire Volatile Memory from FreeBSD with FreeBmAM
Free-B-sd m-emory A-cquisition M-odule Tool/Kernel Module allows acquisition of volatile memory from FreeBSD. You can learn …
MemTri: A Memory Forensics Triage Tool Using Bayesian Network and Volatility
This work explores the development of MemTri. A memory forensics triage tool that can assess the likelihood of criminal acti…
Memory Acquisition and Virtual Secure Mode
Jason Hale has published a post about the impact of VBS on memory acqusition. With Windows 10 and Server 2016, Microsoft add…
Demisto – Volatility Memory Analysis
This demo shows the interactive investigation capabilities in Demisto using Volatility integration to analysis cridex malwar…
Mac RAM Imaging and Analysis
BlackBag Training Team has published a post about Mac memory imaging and analysis. They start from different ways of capturi…
HyperLink: Virtual Machine Introspection and Memory Forensic Analysis without Kernel Source Code
Virtual Machine Introspection (VMI) is an approach to inspecting and analyzing the software running inside a virtual machine…
Windows Forensics by Dr. Philip Polstra
Windows Forensics is the most comprehensive and up-to-date resource for those wishing to leverage the power of Linux and fre…
Live Forensics & Memory Analysis
So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of …
Volatility on Ubuntu on Windows 10
Joshua Trombley has published a useful tutorial in his OpenSec Labs blog on how to install Volatility on Ubuntu on Wind…
