PaulDotCom mailing list archives

Third Week of Month of Volatility Plugins II is posted


From: Andrew Case <atcuno () gmail com>
Date: Tue, 4 Jun 2013 22:35:01 -0500

We are writing as the third week of the second installment of the
Month of Volatility Plugins is now posted. Volatility 2.3 is currently
in beta, and the blog posts are focusing on new features in this
version. This week's posts discussed a number of new and updated
plugins used to analyze Linux and Android systems.

The first post covered two new methods to detect kernel-level keyloggers:

http://volatility-labs.blogspot.com/2013/05/movp-ii-31-linux-checktty.html

The second post covered using Python and Yara to help with Linux &
Android memory analysis:

http://volatility-labs.blogspot.com/2013/05/movp-ii-32-linuxandroid-memory.html

The third post discussed the updated and now automated bash history scanner:

http://volatility-labs.blogspot.com/2013/05/movp-ii-33-automated-linuxandroid-bash.html

The fourth post discussed checking the ARM (Android) system call table
and exception vector table for signs of rootkits:

http://volatility-labs.blogspot.com/2013/06/movp-ii-34-checking-arm-android-system.html

The fifth post discussed utilizing the kmem_cache on Android systems:

http://volatility-labs.blogspot.com/2013/06/movp-ii-35-utilizing-kmemcache-for.html

We hope you enjoy the posts, and the fourth and final week of posts
will begin tomorrow and cover a number of new plugins to help analyze
Mac samples.

If you have any questions or comments please comment on an individual
blog post or reply to this email.

Thanks,
Andrew (@attrc)
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
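The fourth post above is about checking the ARM system call table and exception vectors for rootkit hooks. The check rests on one invariant: every entry in sys_call_table, and every exception-vector handler, should point into the kernel's own text section; a table-hooking rootkit replaces entries with addresses in a loaded module or in unmapped/anonymous kernel memory. The following is an added example written for this archive page, not the Volatility plugin's code and not code from the blog post. The kernel text range, the sys_call_table address, the module address, and the table contents are all constructed for illustration.

```python
"""
Added example: flag hooked entries in a 32-bit ARM sys_call_table (and in a set
of exception-vector handler addresses) by checking that every target lies inside
the kernel's text section. Not the Volatility plugin's own code.
"""
import struct

# Constructed kernel layout (assumptions for the example, not from a real dump):
# kernel text runs from _text to _etext, sys_call_table sits in kernel data,
# and loadable modules are mapped below the kernel image.
KERNEL_TEXT_START = 0xC0008000   # _text (assumed)
KERNEL_TEXT_END   = 0xC0500000   # _etext (assumed)
SYS_CALL_TABLE    = 0xC000E8C8   # address of sys_call_table (assumed)
NR_SYSCALLS       = 8            # a real table has several hundred entries

# Names for the first ARM EABI syscall numbers, so the report is readable.
SYSCALL_NAMES = {0: "sys_restart_syscall", 1: "sys_exit", 2: "sys_fork",
                 3: "sys_read", 4: "sys_write", 5: "sys_open",
                 6: "sys_close", 7: "sys_creat"}

# Constructed table contents: a clean table whose entries all fall inside
# kernel text, and the same table with sys_open (NR 5) redirected into
# module memory, which is what a table-hooking rootkit leaves behind.
CLEAN_ENTRIES = [0xC0010000 + 0x100 * nr for nr in range(NR_SYSCALLS)]
HOOKED_ENTRIES = list(CLEAN_ENTRIES)
HOOKED_ENTRIES[5] = 0xBF000123   # constructed module-region address


def build_image(entries):
    """Serialise a list of 32-bit pointers as the little-endian bytes that
    would be read from the sys_call_table region of a memory image."""
    return struct.pack("<%dI" % len(entries), *entries)


def in_kernel_text(addr, text=(KERNEL_TEXT_START, KERNEL_TEXT_END)):
    """True when addr lies inside [_text, _etext)."""
    return text[0] <= addr < text[1]


def read_pointer(image, image_base, addr):
    """Read a little-endian 32-bit pointer at virtual address addr from a
    byte region whose first byte corresponds to image_base."""
    return struct.unpack_from("<I", image, addr - image_base)[0]


def check_syscall_table(image, image_base=SYS_CALL_TABLE, count=NR_SYSCALLS):
    """Return [(nr, name, target)] for every entry not inside kernel text."""
    hooked = []
    for nr in range(count):
        target = read_pointer(image, image_base, SYS_CALL_TABLE + 4 * nr)
        if not in_kernel_text(target):
            hooked.append((nr, SYSCALL_NAMES.get(nr, "sys_%d" % nr), target))
    return hooked


def check_vector_handlers(handlers):
    """Apply the same test to exception-vector handler addresses, e.g. the
    vector_swi handler that all ARM system calls enter through. `handlers`
    maps a vector name to the handler address recovered from the image."""
    return [(name, addr) for name, addr in handlers.items()
            if not in_kernel_text(addr)]


if __name__ == "__main__":
    for label, entries in (("clean", CLEAN_ENTRIES), ("hooked", HOOKED_ENTRIES)):
        hits = check_syscall_table(build_image(entries))
        print("%s table: %s" % (label, hits or "no entries outside kernel text"))
        for nr, name, target in hits:
            print("  HOOKED  NR %d %-20s -> 0x%08x" % (nr, name, target))
    print("vectors:", check_vector_handlers({"vector_swi": 0xC0008200,
                                             "vector_irq": 0xBF001000}))
```

On a real image the text range and table address come from the kernel's System.map, and modules legitimately living below the kernel image is exactly why the check is "outside kernel text" rather than "outside any mapped memory": a hook pointing into a module you did not load is the finding.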