PaulDotCom mailing list archives
Last week of MoVP, OMFW 2012 slides, and the GrrCon network forensics challenge
From: Andrew Case <atcuno () gmail com>
Date: Fri, 12 Oct 2012 15:13:10 -0500
Hello All,

We are writing to announce a few new things related to Volatility and memory forensics.

First, we have posted the last week of the Month of Volatility Plugins:

Post 1: Detecting Malware with GDI Timers and Callbacks
This post covers analyzing malware samples that use timer callbacks to schedule actions.
http://volatility-labs.blogspot.com/2012/10/movp-41-detecting-malware-with-gdi.html

Post 2: Taking Screenshots from Memory Dumps
This post covers the data structures and algorithms required to recreate the state of the screen (a screenshot) at the time of the memory capture.
http://volatility-labs.blogspot.com/2012/10/movp-43-taking-screenshots-from-memory.html

Post 3: Recovering Master Boot Records (MBRs) from Memory
This post covers recovering the MBR from memory and detecting bootkits.
http://volatility-labs.blogspot.com/2012/10/movp-43-recovering-master-boot-records.html

Post 4: Cache Rules Everything Around Me(mory)
This post covers a new plugin that can recover intact files from the Windows Cache Manager.
http://volatility-labs.blogspot.com/2012/10/movp-44-cache-rules-everything-around.html

Post 5: Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit
This post covers analyzing the Phalanx 2 rootkit with Volatility and other reversing tools.
http://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html

Second, slides from the 2012 Open Memory Forensics Workshop are being put online:

Datalore: Android Memory Analysis:
http://volatility-labs.blogspot.com/2012/10/omfw-2012-datalore-android-memory.html

Malware In the Windows GUI Subsystem:
http://volatility-labs.blogspot.com/2012/10/omfw-2012-malware-in-windows-gui.html

Reconstructing the MBR and MFT from Memory:
http://volatility-labs.blogspot.com/2012/10/omfw-2012-reconstructing-mbr-and-mft.html

Analyzing Linux Kernel Rootkits with Volatility:
http://volatility-labs.blogspot.com/2012/10/omfw-2012-analyzing-linux-kernel.html

Finally, we have posted our writeup on solving the GrrCon network forensics challenge using only memory analysis:
http://volatility-labs.blogspot.com/2012/10/solving-grrcon-network-forensics.html

If you have any questions or comments, please either comment on the respective blog post or reply to the list.

Thanks,
Andrew
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com