Collaborate Disseminate
I’m familiar with creating Linux memory profiles as stated here. However, this is assuming that I have access to the live system which often times is not the case.
I heard there is a way to build the profile with the compiled linux kernel… Continue reading How to build Linux Volatility Profiles With the Compiled Kernel
I’ve used a dump program to get a snapshot of my memory on newly installed Win10x64 and then I’ve pip it into Volatility(Memory forensics Software) by running this command :
python vol.py -f my_memory_dump.raw –profile=Win10x64 malfind
… Continue reading Are all PAGE_EXECUTE_READWRITE are security risk?
So I am trying to extract data from a full memory dump (Made with either dumpit or a BSOD). WinDBG manages to extract some information from it, but Volatility is silent:
PS F:\> C:\Python27\python.exe C:\Python27\Scripts\vol.py -v -f … Continue reading Why does Volatility fail on windows 10 dumps and what other tools can I use? [closed]
I am trying to use Volatility 2.6 to analyze memory dumps generated by DumpIt. I am experiencing an issue analyzing the memory dumps of two Windows 10 64 bit boxes (build numbers 18362.1 and 18362.476) and a Windows Server 20… Continue reading Volatility: Issue with analyzing Windows 10 and Server 2016 systems
The Volatility Team is very excited to announce the first public beta release of Volatility 3!
We presented this beta for the first time to OSDFCon attendees and received a very warm reception both during and after our presentation. As always, we are … Continue reading Announcing the Volatility 3 Public Beta!
We are excited to announce that in 2020 we will have 4 public offerings of our highly popular Malware and Memory Forensics training course. These offerings include:
March 9-13, San Diego, CA
April 20-24, Herndon, VA
September 21-25, Amsterdam, NL
Oct… Continue reading Volatility Malware and Memory Forensics Training in 2020!
I was wondering how could I give some advice to one of my friend when attempting to analyze live Windows machine which was infected with malware.
As far as I know, hibernation saves RAM memory contents and compresses them in… Continue reading Is there any difference between hiberfile.sys file and RAM dump made with 3rd party software for Volatility.py?
I’ve read that when an encrypted zip file is opened using explorer, windows caches the passwords in the Credential Manager.
Given the memory image of a machine where I’ve opened an encrypted zip, is there a way using volatil… Continue reading Extracting passwords from Windows Credential Manager
Following the tutorial described in this link, I was able to extract pictures in memory dumps with volatility and GIMP. But I don’t understand why it is possible to see other running programs in some memory dumps. For example… Continue reading Why is it possible to see running programs in memory dumps?
Trying to analyze a memory dump file. I use volatility filescan command which outputs all available files.
I want to find a specific text file and then to see the content of that.
My command looks like volatility dump_file_… Continue reading Memory dump analysis [on hold]