The Volatility team will give a talk at the next NYC4SEC meetup on memory forensics on May 8th, 2014 at John Jay College. Make sure to RSVP if you are planning to attend, since there is limited seating!
Thanks For the Memory: Rootkits, Exfil and APT - RAM Conquers All
The ability to perform digital investigations and incident response is becoming a critical skill for many occupations. Unfortunately, digital investigators frequently lack the training or experience to take advantage of the volatile artifacts found in physical memory. Volatile memory contains valuable information about the runtime state of the system, makes it possible to link artifacts from traditional forensic analysis (network, file system, registry), and yields investigative leads that remain unknown to most analysts. Malicious adversaries have been leveraging this knowledge gap to undermine many aspects of the digital investigation process with anti-forensics techniques, memory-resident malware, kernel rootkits, encryption (file systems, network traffic, etc.), and Trojan defenses. The only way to turn the tables and defeat a creative human adversary is through talented analysts.
This talk demonstrates the importance of including volatile memory in your investigations, with an overview of the most widely used memory forensics tool, Volatility, by its developers.
-@gleeda
Monday, April 14, 2014
Friday, February 07, 2014
New Volatility Training Website
We have a new website for all of our Volatility training opportunities. Don't forget to check it out: http://www.memoryanalysis.net/
- @gleeda
Labels: forensics, malware, memory, training, volatility
Thursday, January 30, 2014
OMFW 2013 Slides
In case you missed it, I put up my slides for my OMFW 2013 talk "Every Step You Take: Profiling the System". You can find them here on Google Docs. Some of the animations may not render properly, even if played, but you get the idea. If you want to see the cyboxer plugin, send me an email (jamie.levy {at} gmail . com).
Labels: OMFW, plugins, talks, volatility