Wednesday, June 03, 2015
Volshell Quickies
Since someone asked about it in a comment on this blog, I decided to write up a Volshell Quickie on the Volatility Labs blog. Enjoy!
Labels: quickie, volatility, volshell
Monday, May 18, 2015
Linux Memory Forensics: Using mprotect() with PROT_NONE
In case you didn't catch it on the Volatility Labs blog, I found an interesting bug that has been in the framework for as long as we've had Linux support. If you've had cases that involved Linux samples and plugins such as linux_yarascan and linux_strings, you might want to update to the latest code and have another look at those samples. Of course, there's no particular reason to think that a piece of malware has used this trick and relied on a SIGSEGV handler to access the data, but the idea has been around for years...
Labels: linux, malware, memory, volatility
Thursday, January 29, 2015
Some Updates
Wow, it's been a while since I've written here. A lot has happened since, however. Here are a few updates:
The Book
We released a book: The Art of Memory Forensics. For those of you who are considering teaching memory forensics or even operating systems, we have a syllabus and evidence files on our website that you may use in your classes.
Trainings
We have several trainings in line for this year, public and private. Public trainings currently include:
- Reston, VA April 13th-17th 2015
- New York, NY May 11th-15th 2015
- Amsterdam, NL August 31st-September 4th 2015
Talks
I'll be speaking at the upcoming CEIC conference in Las Vegas, on Wednesday May 20th 2015. Apparently there is a discount code if you register before January 31st: JANS4v15
The Volatility team will also give another talk at NYC4SEC during the week of the training in NYC this coming May. More details will be given for that talk soon.
Labels: CEIC, conferences, forensics, nyc4sec, talks, volatility