Tuesday, May 22, 2018

The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!

We are excited to announce that the 2018 Volatility Plugin Contest and the 2018 Volatility Analysis Contest are now accepting submissions until October 1, 2018. Winners of each contest will be receiving over $2500 in cash prizes and the highly coveted Volatility swag (t-shirts, stickers, etc.)!

Volatility Plugin Contest

Heading into its sixth year, the Volatility Plugin Contest encourages research and development in the field of memory analysis. The contest provides an opportunity for people to get industry-wide visibility for their work, to put groundbreaking capabilities immediately into the hands of investigators, and to contribute back to the open source forensics community. Not to mention, the opportunity to win cash and prizes. We are thankful to Magnet Forensics for donating $2500 in support of this year’s Volatility Plugin Contest.
If you are looking for inspiration for the Volatility Plugin Contest, please check out the previous results.

Volatility Analysis Contest

As a result of Magnet Forensic’s contribution, we decided to use the original prize money to launch the first Volatility Analysis Contest. The Volatility Analysis Contest is intended to encourage people to share the creative ways they are using Volatility to augment their analysis efforts. For example, it may include techniques for augmenting their malware analysis, expediting reverse engineering, finding critical artifacts during an investigation, or triaging new indicators. The goal is to write an analysis report detailing how Volatility was used to find relevant artifacts within memory. If you are looking for ideas for the Volatility Analysis Contest, find a sophisticated malware sample or attack framework and document how Volatility can be used to find its artifacts in memory. Previous examples from the Volatility team include: Stuxnet, Phalanx, and Careto.


Thanks again to Magnet Forensics for their generous donation and support! We would also like to thank Volexity and our other sustaining donors for their continued support.

If you have any questions, please feel free to reach out to us!

Wednesday, February 28, 2018

Malware and Memory Forensics Training Headed to Herndon and Amsterdam!

After another highly successfully year of our Malware and Memory Forensics training, which included sold-out public trainings in Herndon, VA and London as well as several private trainings, we are excited to announce our lineup of public trainings for 2018.

Our first offering will be back in Herndon in April from the 16th to the 20th. This class is already over 80% full, so please contact us ASAP if you wish to attend this offering.

We will also be back in Herndon for the week of October 15th to the 19th.  Our Fall classes in the Herndon/Reston area have consistently been the fastest to sell out, so please lock in your seat as early as possible.

Finally, we will be returning to Europe with an offering in Amsterdam in September from the 4th to the 7th. Please note that this class will run Tuesday-Friday instead of the normal Monday-Friday. To make up for the missing time, the Tuesday-Friday sessions will each run until 6PM. 

Our course is constantly evolving in order to cover the latest operating system updates, malware techniques, and attacker tactics. The following highlights some of the new material for our 2018 offerings:
  • The effects of Meltdown  and Spectre on memory forensic acquisition and analysis
  • The effects of Intel’s SGX, TME, and MPX extensions on memory forensic acquisition and analysis
  • The latest tactics of highly advanced threat groups against whom we have performed real-world analysis, such as OceanLotus
  • The introduction of Surge Collect Pro for Linux 
  • Updated coverage of the security features introduced in Windows 10

As we have in years' past, we will continue to give out tons of swag, including a copy of the Art of Memory Forensics in either digital or printed form:


As well as running our highly popular CTF on the last day of class:



In closing this update, we would again like to thank the DFIR community for its continued support of the Volatility project and our associated training course.   If you will be at BSidesNOLA, Black Hat Vegas, or OSDFCon later this year then please come introduce yourself in person!

-- The Volatility Team