List:       vol-users
Subject:    [Vol-users] Last week of MoVP, OMFW 2012 slides, and the GrrCon network forensics challenge
From:       Michael Hale Ligh <michael.hale@gmail.com>
Date:       2012-10-19 6:49:59
Message-ID: <CAFM6LVCkAWeU6YxjJitU-PoMgHXEU7oiicbm_eVpeik8=REPnw@mail.gmail.com>

Some additional posts are available.

OMFW 2012: The Analysis of Process Token Privileges by Cem Gurkok
http://volatility-labs.blogspot.com/2012/10/omfw-2012-analysis-of-process-token.html

OMFW 2012: Mining the PFN Database for Malware Artifacts by George M.
Garner Jr.
http://volatility-labs.blogspot.com/2012/10/omfw-2012-mining-pfn-database-for.html

Reverse Engineering Poison Ivy's Injected Code Fragments
http://volatility-labs.blogspot.com/2012/10/reverse-engineering-poison-ivys.html

Enjoy!

On Fri, Oct 12, 2012 at 4:12 PM, Andrew Case <atcuno@gmail.com> wrote:

> Hello All,
>
> We are writing to announce a few new things related to Volatility and
> memory forensics.
>
> First, we have posted the last week of the Month of Volatility plugins:
>
> Post 1: Detecting Malware with GDI Timers and Callbacks
>
> This post covers analyzing malware samples that use timer callbacks to
> schedule actions.
>
>
> http://volatility-labs.blogspot.com/2012/10/movp-41-detecting-malware-with-gdi.html
>
> Post 2: Taking Screenshots from Memory Dumps
>
> This post covers the data structures and algorithms required to recreate
> the state of the screen (a screenshot) at the time of the memory capture.
>
>
> http://volatility-labs.blogspot.com/2012/10/movp-43-taking-screenshots-from-memory.html
>
> Post 3: Recovering Master Boot Records (MBRs) from Memory
>
> This post covers recovering the MBR from memory and detecting bootkits.
>
>
> http://volatility-labs.blogspot.com/2012/10/movp-43-recovering-master-boot-records.html
>
> Post 4: Cache Rules Everything Around Me(mory)
>
> This post covers a new plugin that can recover intact files from the
> Windows Cache Manager.
>
>
> http://volatility-labs.blogspot.com/2012/10/movp-44-cache-rules-everything-around.html
>
> Post 5: Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux
> Rootkit
>
> This post covers analyzing the Phalanx 2 rootkit with Volatility and other
> reversing tools.
>
>
> http://volatility-labs.blogspot.com/2012/10/phalanx-2-revealed-using-volatility-to.html
>
> Second, slides from the 2012 Open Memory Forensics Workshop are being put
> online:
>
> Datalore: Android Memory Analysis:
> http://volatility-labs.blogspot.com/2012/10/omfw-2012-datalore-android-memory.html
>
> Malware In the Windows GUI Subsystem:
> http://volatility-labs.blogspot.com/2012/10/omfw-2012-malware-in-windows-gui.html
>
> Reconstructing the MBR and MFT from Memory:
> http://volatility-labs.blogspot.com/2012/10/omfw-2012-reconstructing-mbr-and-mft.html
>
> Analyzing Linux Kernel Rootkits with Volatility:
> http://volatility-labs.blogspot.com/2012/10/omfw-2012-analyzing-linux-kernel.html
>
> Finally, we have posted our writeup on solving the GrrCon network
> forensics challenge using only memory analysis:
>
>
> http://volatility-labs.blogspot.com/2012/10/solving-grrcon-network-forensics.html
>
> If you have any questions or comments please either comment on the
> respective blog post or reply to the list.
>
> Thanks,
> Andrew
>
> _______________________________________________
> Vol-users mailing list
> Vol-users@volatilesystems.com
> http://lists.volatilesystems.com/mailman/listinfo/vol-users
>
>