PaulDotCom mailing list archives
Third Week of Month of Volatility Plugins II is posted
From: Andrew Case <atcuno () gmail com>
Date: Tue, 4 Jun 2013 22:35:01 -0500
We are writing as the third week of the second installment of the Month of Volatility Plugins is now posted. Volatility 2.3 is currently in beta, and the blog posts are focusing on new features in this version. This week's posts discussed a number of new and updated plugins used to analyze Linux and Android systems.

The first post covered two new methods to detect kernel-level keyloggers:
http://volatility-labs.blogspot.com/2013/05/movp-ii-31-linux-checktty.html

The second post covered using Python and Yara to help with Linux & Android memory analysis:
http://volatility-labs.blogspot.com/2013/05/movp-ii-32-linuxandroid-memory.html

The third post discussed the updated and now automated bash history scanner:
http://volatility-labs.blogspot.com/2013/05/movp-ii-33-automated-linuxandroid-bash.html

The fourth post discussed checking the ARM (Android) system call table and exception vector table for signs of rootkits:
http://volatility-labs.blogspot.com/2013/06/movp-ii-34-checking-arm-android-system.html

The fifth post discussed utilizing the kmem_cache on Android systems:
http://volatility-labs.blogspot.com/2013/06/movp-ii-35-utilizing-kmemcache-for.html

We hope you enjoy the posts, and the fourth and final week of posts will begin tomorrow and cover a number of new plugins to help analyze Mac samples.

If you have any questions or comments please comment on an individual blog post or reply to this email.

Thanks,
Andrew (@attrc)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Current thread:
- Third Week of Month of Volatility Plugins II is posted Andrew Case (Jun 06)