[Vol-users] Volatile Week (New Plugins)

AAron Walters awalters at 4tphi.net
Sat Jan 10 12:35:07 CST 2009


vol-users,

In case any subscribers don't follow the Volatility tumblr 
(http://volatility.tumblr.com/), I wanted to highlight some new 
tools/plugins.

Michael Hale Ligh just released a new Volatility plug-in, malfind.py, to 
find and extract hidden and/or injected code from physical memory samples. 
He even provides a video demonstrating how it works. Shouts to MHL!

http://mnin.blogspot.com/2009/01/malfind-volatility-plug-in.html
http://www.mnin.org/code/malfind.py
http://www.mnin.org/video/malfind/malfind.html

Brendan Dolan-Gavitt released a new plugin for Volatility called moddump. 
Moddump allows a memory forensics analyst to extract kernel modules from 
physical memory.  Simply add it to your memory_plugins directory and start 
dumping kernel modules. Shouts to Brendan!

http://moyix.blogspot.com/2008/10/plugin-post-moddump.html
http://kurtz.cs.wesleyan.edu/~bdolangavitt/memory/moddump.py

Finally, Gleeda publicly released vol2html. vol2html is a Perl script that 
takes the output of Volatility and creates an HTML report. Shouts to 
Gleeda!

http://gleeda.blogspot.com/2008/11/vol2html-perl-script.html

Thanks,

AW