We are writing as the second week of the second installment of the
Month of Volatility Plugins is now posted. Volatility 2.3 is currently
in beta, and the blog posts are focusing on new features in this
version. This week's posts discussed a number of new and updated
plugins used to analyze Windows systems.
The first post discussed recovering RSA Private Keys and SSL
Certificates from memory:
http://volatility-labs.blogspot.com/2013/05/movp-ii-21-rsa-private-keys-and.html
The second post discussed recovering information about unloaded kernel
modules from memory:
http://volatility-labs.blogspot.com/2013/05/movp-ii-22-unloaded-windows-kernel_22.html
The third post showed how to create timelines with in-memory data
using Volatility:
http://volatility-labs.blogspot.com/2013/05/movp-ii-23-creating-timelines-with.html
The fourth post demonstrated how to recover MFT entries and utilize
them during investigations:
http://volatility-labs.blogspot.com/2013/05/movp-ii-24-reconstructing-master-file.html
The last post highlighted a number of new and updated plugins that are
very useful during investigations:
http://volatility-labs.blogspot.com/2013/05/movp-ii-25-new-and-improved-windows.html
We hope you enjoy the posts, and the third week of posts will begin
tomorrow and cover a number of new plugins to help analyze Linux and
Android samples.
If you have any questions or comments, please comment on an individual
blog post or reply to this email.
Thanks,
Andrew (@attrc)
Wednesday, 29 May 2013