During the course of a day, I typically come across a number of useful
"things" related to volatile memory analysis. Often, I don't have the time
to post a complete blog entry so I've decided to start a tumblelog:
In particular, you may want to check out the hypothetical dialog between a
defense attorney and a forensic examiner about volatile memory.
By the way, if any of you are interested in what is happening with
Volatility development, we are getting ready to release Volatility 1.2. We
mentioned it on the vol-dev list a couple of weeks ago:
I would especially like to thank both Brendan Dolan-Gavitt and Andreas
Schuster for all their help and contributions. I would also like to thank
those who have provided feedback and bug reports.
The agenda for the 2008 DoD Cyber Crime Conference has been posted:
I'll be giving a talk during the Research and Development Track at 0830
January 16, 2008. In this talk I will be discussing the latest
advancements in the area of Volatile Memory Analysis and how they affect
the way we perform digital investigations.

Advanced Volatile Memory Analysis

This session will focus on advanced techniques being used in
volatile memory analysis (VMA) and our experiences while performing VMA.
We will also discuss a number of open source tools and resources we have
made available to the digital investigation community. The session will
also explore how we are using VMA to perform automated malware analysis.
Finally, we will demonstrate how we are combining VMA with file system
analysis to help reconstruct and visualize the digital crime scene.