Skip to content

Volatility Documentation Project

gleeda edited this page Aug 18, 2015 · 40 revisions

This is a catalog of research, documentation, analysis, and tutorials generated by members of the volatility community. If you've written about volatility and don't see your work represented in the list, please let us know. The items are in time order, with the most recent items appearing at the top of the table.

Year Month Type Title Author
2015 August Blog Python script to combine psscan and pslist Output thepcn3rd (@lokut)
2015 July Code ksfinder: Retrieve exported kernel symbols from physical memory dumps @emdel
2015 June Blog Memory Analysis of DarkComet using VolDiff @aim4r
2015 May Video Evolve - Running multiple plugins at the start James Habben (@JamesHabben)
2015 April Code linux_python_strings Ying Li (@cyli)
2015 April Code Evolve James Habben (@JamesHabben)
2015 April Video EVolve Teaser James Habben (@JamesHabben)
2015 April Video Presentation Where in your RAM is "python san_diego.py"? - PyCon 2015 Ying Li (@cyli)
2015 February Code Dyrescan Kudelski Security
2015 February Blog Volatility plugin for Dyre Kudelski Security
2015 January Blog Triaging a System Infected with Poweliks Corey Harrell (@corey_harrell)
2015 January Blog Hunting and Decrypting Communications of Gh0st RAT in Memory Monnappa (@monnappa22)
2014 December Blog Pattern-Based Approach for In-Memory ShellCodes Detection Emanuele De Lucia
2014 December Blog Parsing the hiberfil.sys, searching for slack space DiabloHorn
2014 December Book Black Hat Python (Chapter 11 Automating Offensive Forensics) Justin Seitz (@jms_dot_py)
2014 November Blog Volatilisons Linux: partie 2 (French) Frederic Baguelin (@udgover)
2014 November Video Presentation Reverse All the Things with PANDA Brendan Dolan-Gavitt (@moyix)
2014 November Code Detekt - Malware Triaging Tool Claudio Guarnieri (@botherder)
2014 November Presentation Science, Sharing, and Repeatability in Memory Forensics Brendan Dolan-Gavitt (@moyix)
2014 November Presentation Next Generation Memory Forensics The @volatility developers
2014 November Blog 9447 2014 CTF Write Up: coor coor (using Volatility to extract OTR keys) Bernardo Rodrigues
2014 November Blog Viewing Thread Information in Mac Memory Cem Gurkok (@CGurkok)
2014 November Blog Tracing Bits of Coins in Mac Memory Cem Gurkok (@CGurkok)
2014 November Blog Finding Call Reference Hooks in Mac Memory Cem Gurkok (@CGurkok)
2014 November Blog Detecting Shadow TrustedBSD Policy Tables In Mac Memory Cem Gurkok (@CGurkok)
2014 November Presentation [Memory Forensics for IR- Leveraging Volatility to Hunt Advanced Actors] (http://www.slideshare.net/jared703/vol-ir-jgss114) Jared Greenhill (@jared703)
2014 October Blog Vol-MsDecompress (plugin contest) Jamaal Speights (@jamaalspeights)
2014 October Video SecTor 2014 - Unmasking Careto through Memory Analysis Andrew Case (@attrc)
2014 September Blog How to remotely acquire physical memory using @fresponse and @volatility Ryan Bentz (@grayhatninja)
2014 September Blog Announcing the BETA release of DAMM Vico Marziale (@vicomarziale)
2014 September Blog Volatility autoruns plugin Thomas Chopitea (@tomchop_)
2014 August Blog Volatility Plugin – SQLite Helper Dave Lassalle (@superponible)
2014 August Blog Volatility Plugin – Firefox History Dave Lassalle (@superponible)
2014 August Blog Volatility Plugin – Java IDX Parser Dave Lassalle (@superponible)
2014 August Blog Volatility Plugin – Chrome History Dave Lassalle (@superponible)
2014 August Blog Volatility Plugin – Office Trust Records Dave Lassalle (@superponible)
2014 August Blog Volatility Plugin – SSDeep for malfind and apihooks Dave Lassalle (@superponible)
2014 August Blog Fast Malware Triage Using Openioc_scan Volatility Plugin Takahiro Haruyama (@cci_forensics)
2014 June Paper In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux Golden G. Richard III and Andrew Case
2014 June Paper Applying Memory Forensics to Rootkit Detection Igor Korkin and Ivan Nesterov
2014 May Video TWC: Recalling Windows Memories Paula Januszkiewicz
2014 May Blog Acquiring Linux Memory from a Server Far Far Away Dan Caban
2014 May Slides Mo' Memory No' Problem Glenn P. Edwards, Jr. (@HiddenIllusion) and Ian Ahl (@TekDefense)
2014 May Blog Targeted Forensics: Mapping a Process to a Malicious Command and Control Justin Grosfelt
2014 May Blog Mr Silverlight Drive-by Meet Volatility Timelines Corey Harrell (@corey_harrell)
2014 May Blog GETTING STARTED WITH MEMORY FORENSICS Salim Awad
2014 May Code Volatility USN Journal Parser Tom Spencer
2014 May Blog Post-Mortem Memory Analysis of Cold-Booted Android Devices Hilgers, Macht, Muller, Spreitzenbarth
2014 April Blog Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump For-MD (http://for-md.org)
2014 April Blog Hyper-V 2012 and 2012 R2 live virtual machine memory acquisition and analysis Wyatt Roersma (@WyattRoersma)
2014 April Blog Rewriting/anonymizing artifacts Glenn P. Edwards Jr. (@hiddenillusion)
2014 March Blog Analyzing a Linux Memory Dump Ric Messier (@ricmessier)
2014 March Blog Finding Advanced Malware Using Volatility Monnappa (@monnappa22)
2014 March Blog Uroburos Rootkit Hook Analysis and Driver Extraction @spresec
2014 March Code OpenVPN credentials extractor Phaeilo
2014 March Blog Creating Volatility Linux Profiles (openSUSE) @Evild3ad79
2014 March Blog Creating Volatility Linux Profiles (Debian/Ubuntu) @Evild3ad79
2014 February Presentation Hunting Mac Malware with Memory Forensics Andrew Case (@attrc)
2014 February Presentation Hunting for OS X Rootkits in Memory Cem Gurkok (@CGurkok)
2014 February Blog Dumping DarkComet config out of memory using volatility @dfirn00b
2014 February Blog Malware with No Strings Attached - Dynamic Analysis Brian Baskin (@bbaskin)
2014 February Blog Finding malicious DLLs with Volatility Chris Gates (@carnal0wnage)
2014 January Presentation memory forensics introductory work shop Sandro Suffert (@suffert)
2014 January Blog Forensics Analysis of Anti-Forensic Activities Jack Crook (@jackcr)
2014 January Blog PlugX "v2": meet "SController" F4b (@0xf4b)
2014 January Blog PHDays CTF 2014 - FreeBDSM Mariano Graziano (@emd3l)
2013 December Blog Cryptolocker Analysis with Volatility Cornel
2013 December Blog Another look at a cross-platform DDoS botnet Andre' Di Mino (@sempersecurus)
2013 December Blog ANALYZING DARKCOMET IN MEMORY Ian Ahl (@!TekDefense)
2013 December Blog The botmaster: jackcr - 12/27/13 memory image Kyle Oetken (@kyleoetken)
2013 December Blog Malware Capabilities and Conspiracy Theory Jack Crook (@jackcr)
2013 December Blog Analizando un trozito de memoria jony
2013 December Blog A Forensic Overview of a Linux perlbot Andre' Di Mino (@sempersecurus)
2013 December Blog DC3 Forensic Challenge - Memory Analysis J. Oquendo
2013 November Blog Hunting APT RAT 9002 In Memory Using Volatility Plugin Monnappa (@monnappa22)
2013 November Blog Analyzing Malicious Processes Jack Crook (@jackcr)
2013 November Blog Volatility 2.3 and FireEye's diskless, memory-only Trojan.APT.9002 Russ !McRee (@holisticinfosec)
2013 October Blog Locating injected code in memory Jack Crook (@jackcr)
2013 October Blog Analyzing Hyper-V Saved State files in Volatility Wyatt Roersma (@!WyattRoersma)
2013 October Blog/Paper GrrCON DFIR Challenge 2013 Wyatt Roersma (@!WyattRoersma)
2013 October Code Filelist and Virustotal Volatility Plugins Sebastien Bourdon-Richard
2013 October Blog Dumping Malware Configuration Data from Memory with Volatility Brian Baskin (@bbaskin)
2013 October Blog VOLSHELL FOR THE WEB! Martijn Veken (@martijnveken)
2013 September Blog The Hunt for Memory Malware Albert Fruz
2013 August Blog ebCTF 2013: FOR100 Gabriel Laskar
2013 August Code Hashtest Andy White
2013 August Blog Total Recall Script Released Melissa (@sk3tchymoos3)
2013 August Code Some scripts/plugins for Volatility Glenn P. Edwards Jr (@hiddenillusion)
2013 August Code Volatility Interface to the Binary Analysis Platform Carl Pulley
2013 August Blog Quick Volatility overview and R.E. analysis of Win32.Chebri Evilcry
2013 August Blog JackCR ISSA 2013 Netwars Challange - Memory Issues Bryan Nolen (@!BryanNolen)
2013 August Blog vadimm Jamaal Speights (@jamaalspeights)
2013 August Video Topics in post-mortem debugging Adam Leventhal (@ahl)
2013 August Blog How to install Volatility on Mac OS X (Version 10.8.4) Evild3ad (@Evild3ad79)
2013 August Paper Integrity Verification of User Space Code White, Schatz, Foo
2013 July Blog Hooking IDT in OS X and Detection Cem Gurkok (@CGurkok)
2013 July Blog Advanced Malware Analysis Training Session 7 – Malware Memory Forensics Monnappa (@monnappa22)
2013 July Blog Back to Defense: Finding Hooks in OS X with Volatility Cem Gurkok (@CGurkok)
2013 July Blog Zeus trojan memory forensics with Volatility Javier Nieto Arevalo
2013 July Code Linux Threads and CPU Registers Plugins Edwin Smulders (0x445554434859)
2013 July Blog Offensive Volatility: Messing with the OS X Syscall Table Cem Gurkok (@CGurkok)
2013 July Blog Ethscan: volatility memory forensics framework plugin for recovering Ethernet frames from memory. Jamaal Speights (@jamaalspeights)
2013 June Paper Hypervisor Memory Forensics (pdf) Mariano Graziano (@emd3l)
2013 June Blog Analizando un trozito de memoria neofito (@neosysforensics)
2013 June Blog Volatility 2.2 Class/Api Documentation Jamaal Speights (@jamaalspeights)
2013 May Blog Zues Analysis - Memory Forensics Via Volatility Zubair Ashraf (@zashraf1337)
2013 May Blog Automatic Plugin Generation with Dalvik Inspector Joe Sylve (@jtsylve) and Vico Marziale (@vicomarziale)
2013 May Blog check_dtrace - A Volatility Plugin Arises Cem Gurkok (@CGurkok)
2013 April Blog Actaeon - Hypervisors Hunter Mariano Graziano (@emd3l)
2013 April Blog Forensic Analysis of Memory on Linux Peter Schulik
2013 April Blog Cyber Defense Exercise 2013: Extracting cached passphrases in Truecrypt syreal
2013 April Blog Hunting D-Trace Rootkits with The Volatility Framework Cem Gurkok (@CGurkok)
2013 April Blog Android Application (Dalvik) Memory Analysis & the Chuli Malware Joe Sylve (@jtsylve) and Vico Marziale (@vicomarziale)
2013 March Slides Memory Forensics - Helping to Find What's Not There Melissa Augustine (@sk3tchymoos3)
2013 March Blog Live Linux forensics in a KVM based environment charley pfaff (@bl4ck_0ut)
2013 March Paper Indicators of Compromise in Memory Forensics Chad Robertson (@chrooted)
2013 March Blog OSX Live Memory Forensics with Volatility Jon Schipp (@jonschipp)
2013 March Presentation Memory Analysis with Volatility Russ !McRee (@holisticinfosec)
2013 March Presentation Memory Analysis with Volatility Karl Sigler (@ksigler)
2013 February Blog Memory Dump Hash Cracking Mike Machnik (@machn1k)
2013 February Video Using LiME & Volatility to analyze Linux memory Brian Keefer (@chort0)
2013 February Video Using Cuckoobox & Volatility to analyze APT1 malware Brian Keefer (@chort0)
2013 February Slides My First Incident Response Team Brian Keefer (@chort0)
2013 February Blog Manipulating Memory for Fun & Profit Frederic Bourla
2013 February Blog Using OSForensics with Volatility @PassMarkInc
2013 February Blog Volatility – Memory Analysis Tool Rehan Bashir (@rehan2001)
2013 February Blog Set up your keylogger to report by email? Bad idea! (The case of Ardamax) Alberto Ortega (@a0rtega)
2013 January Paper Live Memory Forensics on Android with Volatility Holger Macht
2013 January Slides Defeating Windows Memory Forensics Luka Milkovic
2013 January Blog Volatility vs Citadel 1.3.4.5 Santiago Vicente @smvicente
2013 January Blog Stabuniq Financial Infostealer Trojan Analysis Quequero & Evilcry
2012 December Blog Hunting Malware with Memory Analysis Jeremy Scott (@Solutionary)
2012 December Paper @Jackcr Forensic Challenge Bryan Nolen (@!BryanNolen)
2012 December Paper Hunting Mac OS X Rootkits with Memory Forensics K. Lee, J. Kim, H. Koo
2012 November Blog jackr forensic challenge 2 @infoseckitten, @magicked, @alwaysreit
2012 November Video DFIROnline: Android Forensics with Volatility and LiME Andrew Case (@attrc)
2012 November Blog APTish Attack via Metasploit - Part III - Memory Analysis Patrick Olsen (@patrickrolsen)
2012 November Blog @jackcr forensic challenge @infoseckitten, @magicked, @alwaysreit
2012 November Blog Memory Forensics for Malware Analysis Andrew !McNicol
2012 November Blog Automating Volatility @martijnveken
2012 November Paper Blacksheep: Detecting Compromised Hosts in Homogeneous Crowds UC Santa Barbara
2012 October Slides Case Study - Rootkit Analysis m0nna (@monnappa22)
2012 October Blog Backdoors are Forever: Hacking Team and the Targeting of Dissent? Morgan Marquis-Boire (@headhntr)
2012 October Blog Blackhole & Cridex: Season 2 Episode 1: Intuit Spam & SSL traffic analysis Andre' Di Mino (@sempersecurus)
2012 September Paper Acquiring Digital Evidence from Botnet Attacks Junewon Park
2012 September Blog cr0security rootkit analysis Teguh P. Alko
2012 September Blog Linux, Volatility, and Profiles neofito (@neosysforensics)
2012 August Paper/Slides Virtual Machine Introspection in a Hybrid Honeypot Architecture Lengyel, et. al.
2012 August Code userspace.py Andrew White
2012 August Blog Using Volatility Framework as a Library Adam Pridgen
2012 August Blog Identifying a mounted TrueCrypt volume from artifacts in volatile memory Adam Bridge (bridgeythegeek)
2012 August Blog Pen Test Privilege Escalation Through Suspended Virtual Machines Mark Baggett (@markbaggett)
2012 August Blog Cridex Analysis Using Volatility Andre M. !DiMino (@sempersecurus)
2012 August Blog Extracting processes binary w/ volatility, disk image @ykx100
2012 August Magazine Malware Memory Forensics Monnappa
2012 August Blog Configure Volatility framework on Windows OS Stefano Antenucci
2012 August Blog Recoving tmpfs from Memory with Volatility Andrew Case (@attrc)
2012 June Slides You suck at Memory Analysis Francisco Gama T. R. (@blackthorne)
2012 June Blog QuickPost: Flame & Volatility Michael Ligh (@iMHLv2)
2012 June Blog Announcing Mac Support in Volatility Andrew Case (@attrc)
2012 June Slides Mac Memory Analysis with Volatility Andrew Case (@attrc)
2012 June Blog LiME 1.1 Released Joe Sylve (@jtsylve)
2012 June Blog/Video Training Session Part 8 – Practical Reversing (III) – Memory Forensics Monnappa
2012 June Code Volatility plugin to detect Poison Ivy in memory and dump run-time config Andreas Schuster (@forensikblog)
2012 June Video Memory Analysis During Incident Response Brett Cunningham
2012 June Video Volatility Know How's MrKishorD
2012 June Blog Using Volatility with EnCase Mark Morgan
2012 July Blog From Bahrain With Love: FinFisher’s Spy Kit Exposed? Morgan Marquis-Boire
2012 July Blog Xtreme RAT analysis Malware.lu ([email protected])
2012 July Blog Volatility Guide - Living Doc s0ck3t
2012 May Paper sKyWIper (a.k.a. Flame, Flamer): A complex malware for targeted attacks CrySyS Lab (@CrySysLab)
2012 May Blog Tracking Malware Crumb in Memory @ykx100
2012 April Blog Memory Forensics Cheat Sheet @chadtilbury
2012 April Blog YARA + Volatility ... the beginning @hiddenillusion
2012 April Blog IETab_IE65 Malware Memory Analysis @patrickrolsen
2012 April Blog Registry Analysis in Volatility Tamer Hassan
2012 April Blog Malware Memory Analysis - Volatility Basement Tech
2012 April Video VOLATILITY & DUMPIT : DEADLY COMBO TO GET UR PASSWORDS anupam50
2012 March Video Malgram Dynamic Analyses (SRI International) uses Volatility in their sandbox SRI International
2012 March Blog From Hibernation file to Malware analysis with Volatility Christiaan Beek
2012 March Blog/Video Capstone Project: Volatile Memory Analysis – Identifying Rogue Executables Ben Rogers
2012 March Magazine Memory Timelines Using Volatility’s Timeliner Nick Baronian
2012 March Slides One-byte Modification for Breaking Memory Forensic Analysis Takahiro Haruyama and Hiroshi Suzuki
2012 February Blog RAM dump with VirtualBox: via ELF64 coredump Philippe Teuwen
2012 February Blog Suspected South Korean Malware @patrickrolsen
2012 January Blog Malware Analysis with SIFT and Volatility @patrickrolsen
2012 January Blog Running Volatility Memory Forensics Framework on your android phone! Jamaal Speights
2012 January Slides Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility Joe Sylve (@jtsylve)
2012 January Video Android Mind Reading: Memory Acquisition and Analysis with DMD and Volatility Joe Sylve (@jtsylve)
2012 January Paper Acquisition and Analysis of Volatile Memory from Android Devices Joe Sylve (@jtsylve) & Andrew Case (@attrc)
2012 January Blog Ramnit, Zeus and the BAT! Part 2 cbentle2
2011 December Slides Hunting Malware with Volatiltiy 2.0 Frank Boldewin
2011 November Video Using Volatility: Suspicious Process (1/2) Melissa (@sk3tchymoos3)
2011 November Video Using Volatility: Suspicious Process (Part 2/2) Melissa (@sk3tchymoos3)
2011 November Blog GRR: Google Rapid Response and Volatility AAron Walters
2011 November Blog Sandia National Laboratories: Virtual Machine Introspection (VMI) Tools and Volatility Support AAron Walters
2011 November Blog Memory Forensics: Pull Process & Network Connections from a Memory Dump c0decstuff
2011 November Blog Memory Forensics: How to Pull Passwords from a Memory Dump Daniel Dieterle
2011 November Blog Análisis avanzado de memoria de sistemas Microsoft Windows con Volatility Sergio Hernando (@sergiohernando)
2011 November Blog Using Volatility: Suspicious Process Melissa (@sk3tchymoos3)
2011 November Blog Memory Forensics: Analyzing a Stuxnet Memory Dump (And you can too!) Daniel Dieterle
2011 October Article CSI:Internet Episode 4: Open heart surgery Frank Boldewin
2011 October Blog Dirt Jumper DDoS Bot - New versions, New targets Andre M. !DiMino (@sempersecurus)
2011 October Blog [Volatility Memory Forensics Federal Trojan aka R2D2](http://www.evild3ad.com/1136/volatility-memory-forensics-federal-trojan-aka-r2d2/)
2011 October Blog [Volatility Memory Forensics Graphviz](http://www.evild3ad.com/1088/volatility-memory-forensics-graphviz/)
2011 October Blog Ain't Nuthin But a K(Timer) Thing, Baby Michael Ligh (@iMHLv2)
2011 October Blog ZeroAccess, Volatility, and Kernel Timers Michael Ligh (@iMHLv2)
2011 October Video Windows Password Retrieval and Hacking Melissa (@sk3tchymoos3)
2011 September Article CSI:Internet Episode 3: A trip into RAM Frank Boldewin
2011 September Blog MORTO – From a Memory-Dump Point of View p4r4n0id
2011 September Blog Shylock In-Depth Malware Analysis Brad Arndt (@bradarndt)
2011 September Blog toolsmith: Memory Analysis with DumpIt and Volatility Russ !McRee (@holisticinfosec)
2011 September Blog Volatility Memory Forensics Basic Usage for Malware Analysis Evild3ad (@Evild3ad79)
2011 September Blog Zeus Analysis in Volatility 2.0 Brad Arndt (@bradarndt)
2011 September Blog Volatility 2.0 Plugin Vscan Brad Arndt (@bradarndt)
2011 September Blog Volatility 2.0: Timeliner, RegistryAPI, evtlogs and more Jamie Levy (@gleeda)
2011 September Blog Abstract Memory Analysis: Zeus Encryption Keys Michael Ligh (@iMHLv2)
2011 August Slides Linux Memory Analysis Workshop Andrew Case (@attrc)
2011 June Slides Linux Memory Analysis with Volatility Andrew Case (@attrc)
2011 June Paper A survey of main memory acquisition and analysis techniques for the windows operating system Stefan Vomel and Felix C. Freiling
2011 August Blog Volatility 2.0 and OMFW Jamie Levy (@gleeda)
2011 July Blog/Paper Forensic Challenge 2011 - Forensic Analysis of a Compromised Server Mau, Kahlich, Erasmus, Quintero, & Anand
2011 June Blog Stuxnet's Footprint in Memory with Volatility 2.0 Michael Ligh (@iMHLv2)
2011 June Slides Forensic Memory Analysis of Android’s Dalvik VM Andrew Case (@attrc)
2011 May Blog Analyzing Malware Hollow Processes Eric Monti
2011 April Blog Volatility 1.4: new, great (and with a shiny new plugin) lg
2011 April Blog Using "volatility" to study the CVE-2011-0611 Adobe Flash 0-day Andre M. !DiMino (@sempersecurus)
2011 April Blog Volatility 1.4 UserAssist plugin Jamie Levy (@gleeda)
2011 April Blog What's the Difference? (A Brief Volatility 1.4 Plugin Tutorial) Jamie Levy (@gleeda)
2011 April Blog Detecting/Memory Forging Attempt by a Rootkit Michael Ligh (@iMHLv2)
2011 April Blog Investigating Windows Threads with Volatility Michael Ligh (@iMHLv2)
2011 April Blog Applying Forensic Tools to Virtual Machine Introspection Brendan Dolan-Gavitt (@moyix)
2011 April Blog Nuit du hack 2011 CTF Forensic Alexmin
2011 April Blog Apr. 8 CVE-2011-0611 Flash Player Zero day Mila
2011 March Blog Carberp Analysis via Volatility Evilcry
2011 March Blog Update: Volatility printkey Plugin Jamie Levy (@gleeda)
2011 March Blog Volatility 1.4 get_plugins Script Jamie Levy (@gleeda)
2011 March Blog Volatility's New Netscan Module Michael Ligh (@iMHLv2)
2011 March Blog The Mis-leading 'Active' in PsActiveProcessHead and ActiveProcessLinks Michael Ligh (@iMHLv2)
2011 March Blog Automatically Generating Memory Forensic Tools Brendan Dolan-Gavitt (@moyix)
2011 March Blog Analyzing the New Honeynet Memory Analysis Challenge with Volatility Andrew Case (@attrc)
2011 March Blog Bringing Linux Support to Volatility Andrew Case (@attrc)
2011 March Blog Volatility (Undead Security) Matt??
2011 February Blog Shylock via volatility Evilcry
2011 January Blog A Quick Look at Volatility 1.4 RC1 - What's New? Lenny Zeltser (@lennyzeltser)
2011 January Paper De-Anonymizing Live CDs through Physical Memory Analysis Andrew Case (@attrc)
2010 December Blog Identifying Memory Images Jamie Levy (@gleeda)
2010 December Blog Command Line Kung Fu: Episode #127: Making a Difference Hal Pomeranz (@hal_pomeranz)
2010 December Blog REMnux: A Linux Distribution for Reverse-Engineering Malware Lenny Zeltser (@lennyzeltser)
2010 December Blog Peeling Apart TDL4 and Other Seeds of Evil Part I Curt Wilson
2010 November Blog Volatility Memory Forensics lg
2010 Septmeber Blog Recent Advances in Memory Forensics Andreas Schuster (@forensikblog)
2010 August Blog Upated Volatility SQLite plugins Jamie Levy (@gleeda)
2010 July Blog Finding Object Roots in Vista (KPCR) Bradley Schatz
2010 July Blog GDI Utilities: Taking Screenshots of Memory Dumps Brendan Dolan-Gavitt (@moyix)
2010 July Blog Plugin Post: Robust Process Scanner Brendan Dolan-Gavitt (@moyix)
2010 May Blog Memory forensics with SIFT 2.0, Volatility, and PTK Russ !McRee (@holisticinfosec)
2010 May Blog Adding new structure definitions to Volatility Bradley Schatz
2010 April Blog Challenge 3 of the Forensic Challenge 2010 - Banking Troubles @pstutz
2010 April Blog Reading RAM using Firewire muelli
2010 March Paper(s) Challenge 3 of the Forensic Challenge 2010 - Banking Troubles Pascucci, Hudak, and Pulley
2010 February Blog EnCase EnScripts for Memory Forensics Takahiro Haruyama (@cci_forensics)
2010 January Blog Análisis de un caso ¿real?, #3 neofito (@neosysforensics)
2010 January Blog Volatility's Output Rendering Functions Jamie Levy (@gleeda)
2010 January Blog Cross-view analysis with Volatility Andreas Schuster (@forensikblog)
2010 January Blog Using Volatility for Rootkit Detection Xeno Kovah
2009 December Blog New and Updated Volatility Plug-ins Part II Michael Ligh (@iMHLv2)
2009 November Paper Robust Signatures for Kernel Data Structures Brendan Dolan-Gavitt (@moyix)
2009 October Blog Walk-Through: Volatility Batch File Maker and Volatility's ProcDump Forensiczone
2009 October Blog Volatility Batch File Maker Forensiczone
2009 October Blog Volatility 1.3.2 is out! neofito (@neosysforensics)
2009 August Blog Installing Volatility Plugins Jamie Levy (@gleeda)
2009 July Blog Modificando Volatility neofito (@neosysforensics)
2009 July Blog New and Updated Volatility Plug-ins Michael Ligh (@iMHLv2)
2009 June Slides Windows Memory Forensics with Volatility Andreas Schuster (@forensikblog)
2009 May Blog Análisis de un caso ¿real?, #2 neofito (@neosysforensics)
2009 May Blog Volatility Plug-in for IAT/EAT/Inline Hook Detection Michael Ligh (@iMHLv2)
2009 April Blog Reading Passwords from the Keyboard buffer Andreas Schuster (@forensikblog)
2009 April Blog Searching for Mutants Andreas Schuster (@forensikblog)
2009 April Blog Symbolic Link Objects Andreas Schuster (@forensikblog)
2009 April Blog Scanning for Drivers Andreas Schuster (@forensikblog)
2009 April Blog Linking File Objects to Processes Andreas Schuster (@forensikblog)
2009 April Blog Enumerate Object Types Andreas Schuster (@forensikblog)
2009 March Blog Tuneando Volatility neofito (@neosysforensics)
2009 March Blog Análisis de un caso ¿real? neofito (@neosysforensics)
2009 March Blog Volatility y RegRipper, ¡juntos! neofito (@neosysforensics)
2009 March Blog Dumping Memory to Extract Password Hashes CG
2009 March Blog Using Volatility for Introspection Brendan Dolan-Gavitt (@moyix)
2009 March Blog RegRipper and Volatility Prototype Brendan Dolan-Gavitt (@moyix)
2009 March Video Advanced Memory Analysis Brendan Dolan-Gavitt (@moyix)
2009 January Blog Using Volatility (1.3_Beta) Forensiczone
2009 January Blog Memory Registry Tools! Brendan Dolan-Gavitt (@moyix)
2008 November Blog Recovering Coreflood Binaries with Volatility Michael Ligh (@iMHLv2)
2008 November Blog Locating Hidden Clampi DLLs (VAD-style) Michael Ligh (@iMHLv2)
2008 October Blog Plugin Post: Moddump Brendan Dolan-Gavitt (@moyix)
2008 October Slides Upping the ‘Anti’: Using Memory Analysis to Fight Malware AAron Walters
2008 September Blog Window Messages as a Forensic Resource Brendan Dolan-Gavitt (@moyix)
2008 September Paper Forensic analysis of the Windows registry in memory Brendan Dolan-Gavitt (@moyix)
2008 August Blog Auditing the System Call Table Brendan Dolan-Gavitt (@moyix)
2008 August Blog Introducing Volshell Brendan Dolan-Gavitt (@moyix)
2008 August Blog Linking Processes to Users Brendan Dolan-Gavitt (@moyix)
2008 August Paper Digital Forensics Research Workshop 2008 - Submission for Forensic Challenge M. I. Cohen, D. J. Collett, A. Walters
2008 August Slides Volatility 1.3 Open Memory Forensics Workshop AAron Walters
2008 May Blog DFRWS 2008 - Registry Forensics in Memory Brendan Dolan-Gavitt (@moyix)
2007 February Blog 64bit Crash Dumps Andreas Schuster (@forensikblog)
2008 February Paper Using Hashing to Improve Volatile Memory Forensic Analysis AAron Walters
2007 December Blog Searching for Page Directories 3 Andreas Schuster (@forensikblog)
2007 October Blog Hashing of Program Files Andreas Schuster (@forensikblog)
2007 September Paper The VAD Tree: A process-eye view of physical memory Brendan Dolan-Gavitt (@moyix)
2007 August Blog From Volatools to Volatility Andreas Schuster (@forensikblog)
2007 May Blog Copies of Page Directories Andreas Schuster (@forensikblog)
2007 May Blog Searching for Page Directories 2 Andreas Schuster (@forensikblog)
2007 May Blog Searching for Page Directories 1 Andreas Schuster (@forensikblog)
2007 May Blog Walking the VAD Tree Andreas Schuster (@forensikblog)
2007 March Blog Volatools Andreas Schuster (@forensikblog)
2007 February Paper Volatools: Integrating Volatile Memory Forensics into the Digital Investigation Process A. Walters and N. Petroni
2007 January Blog How trustworthy is hardware-based memory acquisition? Andreas Schuster (@forensikblog)
2006 December Blog Crash without CtrlScroll Andreas Schuster (@forensikblog)
2006 October Blog Searching in Pool Allocations Andreas Schuster (@forensikblog)
2006 September Blog Memory dumping over FireWire - UMA issues Arne Vidstrom
2006 July Slides FATKit: Detecting Malicious Library Injection and Upping the “Anti” AAron Walters
2006 June Blog DFRWS 2006 Paper Andreas Schuster (@forensikblog)
2006 June Blog Reconstructing a Binary 3 Andreas Schuster (@forensikblog)
2006 April Blog Reconstructing a Binary 2 Andreas Schuster (@forensikblog)
2006 April Blog Reconstructing a Binary 1 Andreas Schuster (@forensikblog)
2006 April Blog Reconstructing the Process Memory Andreas Schuster (@forensikblog)
2006 March Blog DMP File Structure Andreas Schuster (@forensikblog)
2006 March Blog Converting Virtual into Physical Addresses Andreas Schuster (@forensikblog)
2006 March Blog Search for Processes and Threads Andreas Schuster (@forensikblog)
2006 February Blog Dating the execution of certain routines Andreas Schuster (@forensikblog)
2006 February Blog _DISPATCHER_HEADER Andreas Schuster (@forensikblog)
2006 February Blog More on Processes and Threads Andreas Schuster (@forensikblog)
2006 February Paper FATKit: A Framework for the Extraction and Analysis of Digital Forensic Data from Volatile System Memory Petroni, Walters, Fraser, Arbaugh
2005 December Blog Timestamps in Thread and Process Objects Andreas Schuster (@forensikblog)