We will be in the Reston/Herndon area next week for a training, and
wanted to see if any Volatility users were interested in a meetup.
We will be hanging out in Herndon on Wednesday (the 5th) late
afternoon/night and Reston on Thursday. These will be informal meetups
at a bar or similar type place.
If you are interested in the specifics for a particular night then let
us know and we can pass them along.
Hope to see some of you around!
We are pleased to announce that Michael Ligh (MHL) will be delivering a
two-day version of our Malware and Memory Forensics training at this
year's NorthSec conference in Montreal:
This will be our first public training of any kind in Canada, and the
class is already quickly filling.
If you have any questions please see the URL above or let me or MHL know.
All mailing list services have been restored. If you have any questions
or experience any issues, please let me know. We apologize for any
inconvenience and thank you for your patience.
As a quick reminder, the new email address for the list will be: vol-users
[at] lists [dot] volatilityfoundation [dot] org. You can manage your
membership settings at the following URL:
The Volatility Foundation
After 10 years, it is finally time to move the Volatility mailing lists to
their new home at the Volatility Foundation,
lists.volatilityfoundation.org. The official cutover is currently
scheduled for Friday, 3/10/2017, at 1100 EST. As a part of this process,
we’re also performing a number of infrastructure and security upgrades. We
anticipate this planned outage will take less than 12 hours.
With the dramatic increase in spam over the last 10 years, we have relied
heavily on automated classification and manual review to make sure none of
those messages burden your inbox. Unfortunately, there have been
circumstances where some users’ emails have been inadvertently filtered.
In order to reduce the likelihood of this happening in the future, the
list will now be configured to only accept messages from email addresses
that are registered as members of the list.
During the move, we will handle migrating existing users to the new
systems. Once the move is complete, we will send an email notification
that will also serve as a test message on the new platform. If you do not
receive the notification email, please send me a note and we will work on
getting the issue resolved! We appreciate your patience as we make this
The new email address for the list will be: vol-users [at] lists [dot]
volatilityfoundation [dot] org.
As a part of this transition, we have also decided to sunset the
Volatility Developers mailing list (Vol-dev). Currently, almost all of
the development conversations and issues are handled within the Volatility
project page on GitHub:
https://github.com/volatilityfoundation/volatility. We will be maintaining
the Vol-dev mailing list archives for historical purposes.
A special thanks to the Volexity team and our official training partner,
memoryanalysis.net, for sponsoring the new infrastructure.
The Volatility Foundation
I'm a beginner in memory forensics. I want to develop a Volatility plugin
that searches a memory dump to find records which were inserted via a C++
program. I created a VType for the struct that is used in the program, but how
do I access the records in a memory dump using Volatility?
I have a couple of questions that might be stupid but I am pretty new to
- Is there a specific reason why the Windows operating system would need a
  page to be marked Execute and Read/Write?
- Is DKOM used only in Windows OSs?
We wanted to send a quick note that our upcoming training in Herndon is
likely going to sell out in the next week. Please contact us ASAP if you
wish to attend:
If you can't make this training, we also have public trainings later
this year in London and back in Herndon. Both of these currently have
We also have 1 (or possibly 2 depending on the week) private training
slots left for 2017. Again, contact us ASAP if your organization would
like a private training as the slots go pretty fast.
If you have any questions then please let us know.