To kickstart this new blog and celebrate the upcoming Open Memory Forensics Workshop (OMFW) 2012 and Volatility 2.2 release, we're announcing Month of Volatility Plugins (MoVP). Every day (M-F) for the 3 weeks leading up to OMFW 2012 and 1 week during the conference, a member of the Volatility team will introduce a new plugin on this blog. Each plugin will describe a brand new capability exclusive to Volatility that deals with analyzing Windows or Linux RAM dumps for malware infections or compromises.
Q. When does MoVP begin?
A. Monday, September 10th 2012
Q. When does MoVP end?
A. Friday, October 5th 2012
Q. When will the plugins from MoVP be available?
A. Volatility 2.2
Q. What OS will the plugins from MoVP cover?
A. Windows: all service packs from 32- and 64-bit XP, Server 2003, Server 2008 and 2008 R2, Vista, and Seven. Linux: 32- and 64-bit kernels 2.6.x to 3.x from OpenSuSE, Debian, Ubuntu, Fedora, CentOS, and Mandriva (other distributions may also be supported).
Q. Will MoVP plugins be described anywhere else?
A. They'll be presented at OMFW 2012. Following the conference, a PDF will be released.