PaulDotCom mailing list archives
Second Week of Month of Volatility Plugins II is posted
From: Andrew Case <atcuno () gmail com>
Date: Tue, 28 May 2013 15:17:32 -0500
We are writing as the second week of the second installment of the Month of Volatility Plugins is now posted. Volatility 2.3 is currently in beta, and the blog posts are focusing on new features in this version. This week's posts discussed a number of new and updated plugins used to analyze Windows systems.

The first post discussed recovering RSA Private Keys and SSL Certificates from memory:
http://volatility-labs.blogspot.com/2013/05/movp-ii-21-rsa-private-keys-and.html

The second post discussed recovering information about unloaded kernel modules from memory:
http://volatility-labs.blogspot.com/2013/05/movp-ii-22-unloaded-windows-kernel_22.html

The third post showed how to create timelines with in-memory data using Volatility:
http://volatility-labs.blogspot.com/2013/05/movp-ii-23-creating-timelines-with.html

The fourth post demonstrated how to recover MFT entries and utilize them during investigations:
http://volatility-labs.blogspot.com/2013/05/movp-ii-24-reconstructing-master-file.html

The last post highlighted a number of new and updated plugins that are very useful during investigations:
http://volatility-labs.blogspot.com/2013/05/movp-ii-25-new-and-improved-windows.html

We hope you enjoy the posts, and the third week of posts will begin tomorrow and cover a number of new plugins to help analyze Linux and Android samples.

If you have any questions or comments please comment on an individual blog post or reply to this email.

Thanks,
Andrew (@attrc)
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com