[Archive of Volatility Labs]
This site is an archive of the Volatility Labs blog. The blog has moved to https://volatilityfoundation.org/volatility-blog/
Jamie Levy | Feed updated 2024-03-18T05:48:20.402-04:00

Memory Forensics R&D Illustrated: Recovering Raw Sockets on Windows 10+
Andrew Case | Published 2023-08-14T09:10:00.001-04:00 | Updated 2023-08-14T10:05:18.920-04:00
As mentioned in a recent blog post, our team is once again offering in-person training, and we have substantially updated our course for this occasion. Our next offering will be in Amsterdam in October 2023. To showcase our team’s new research, we are publishing a series of blog posts to offer a sneak peek at the types of analysis incorporated into the updated Malware & Memory

The 11th Annual Volatility Plugin Contest!
Andrew Case | Published 2023-07-18T13:18:00.002-04:00 | Updated 2023-07-18T13:19:48.664-04:00
We are excited to announce that the 11th Annual Volatility Plugin Contest is now open! This is your chance to gain industry-wide visibility for your work, contribute to an important open-source project, and win a cash prize!
Volatility Plugin Contest
The Volatility Plugin Contest is an excellent opportunity to put groundbreaking capabilities into the hands of investigators and contribute

Malware and Memory Forensics Training Headed to Amsterdam in October 2023!
Andrew Case | Published 2023-06-05T14:55:00.001-04:00 | Updated 2023-06-05T14:55:42.672-04:00 | Location: Amsterdam, Netherlands
We are very excited to announce the next public offering of our Malware and Memory Forensics with Volatility training course! This fall, our course will be held in Amsterdam on Monday, October 2, through Friday, October 6. Course content was recently updated with a significant amount of new material to cover the latest acquisition and analysis techniques for Windows 10 and 11, as well

Memory Forensics R&D Illustrated: Detecting Hidden Windows Services
Andrew Case | Published 2023-03-22T14:05:00.001-04:00 | Updated 2023-06-15T10:47:50.295-04:00
As mentioned in a recent blog post, our team is once again offering in-person training, and we have substantially updated our course for this occasion. Over the next several weeks, we will be publishing a series of blog posts, offering a sneak peek at the types of analysis incorporated into the updated Malware & Memory Forensics training course.
Introduction
To begin the series, this post

The 2022 Volatility Plugin Contest results are in!
Michael Hale Ligh | Published 2023-02-24T10:28:00.001-05:00 | Updated 2023-02-24T10:28:14.936-05:00
Results from the 10th Annual Volatility Plugin Contest are in! There were 8 submissions this year, including submissions from 2 contestants from previous years who have continued to build on their previous work. Submissions included updates to graphical interfaces, plugins to detect Linux rootkits, plugins to extract threat actor activity despite anti-forensics techniques, and a new analytical

The Return of In-Person Volatility Malware and Memory Forensics Training!
Andrew Case | Published 2023-01-30T14:41:00.001-05:00 | Updated 2023-01-30T14:41:37.400-05:00
We are excited to announce that we are resuming our in-person Malware and Memory Forensics with Volatility training course! From Fall 2012 until Spring 2020, this course ran multiple times a year and taught hundreds of students how to apply memory forensics to their incident response and malware analysis workflows. Since Spring 2020, the course has been delivered in a virtual,

The 10th Annual Volatility Plugin Contest!
Michael Hale Ligh | Published 2022-07-05T16:07:00.001-04:00 | Updated 2022-07-05T16:07:23.578-04:00
This year not only marks 15 years since the first public release of Volatility, we are also excited to announce the 10th annual Volatility Plugin Contest is now open! Submissions will be accepted until December 31, 2022.
Volatility Plugin Contest
The 2022 Volatility Plugin Contest is your chance to get industry-wide visibility for your work, put groundbreaking capabilities into

The 2021 Volatility Plugin Contest results are in!
Michael Hale Ligh | Published 2022-02-18T11:32:00.000-05:00 | Updated 2022-02-18T11:32:21.661-05:00
Results from the 9th Annual Volatility Plugin Contest are in! And this year, there were 7 submissions from 7 different countries! Submissions included a new web interface, a new address layer, 6 updates to existing plugins, and 15 new Volatility 3 plugins. Once again, we would like to thank the participants for their hard work on their submissions and contributions to Volatility. As in previous

Malware and Memory Forensics Training in 2022!
Andrew Case | Published 2022-01-18T16:18:00.001-05:00 | Updated 2022-01-19T10:32:33.978-05:00
Over the last few months, we have received many questions about when our Malware and Memory Forensics training would return to in-person learning. Given that a new year is nearly here, and the rate of inquiries has continued to increase, we wanted to document our plans going forward in a publicly available blog post, as opposed to only fielding questions individually.
Virtual Course Remains

Memory Forensics R&D Illustrated: Detecting Mimikatz's Skeleton Key Attack
Andrew Case | Published 2021-10-15T13:59:00.002-04:00 | Updated 2021-10-15T16:33:20.303-04:00
In this blog post, we are going to walk you through the research and development process that leads to new and powerful memory analysis capabilities. We are often asked about what this workflow looks like, and how the abuse of an API by malware or a new code injection technique can be successfully uncovered by a Volatility plugin. To showcase this process, we are going to analyze the Skeleton Key

The 9th Annual Volatility Plugin Contest!
Michael Hale Ligh | Published 2021-08-11T14:08:00.000-04:00 | Updated 2021-08-11T14:08:57.780-04:00
The 9th annual 2021 Volatility Plugin Contest is now open! We will be accepting submissions until December 31, 2021.
Volatility Plugin Contest
As in previous years, the 2021 Volatility Plugin Contest encourages research and development in the field of memory analysis. Your submissions provide an opportunity to get industry-wide visibility for your work, put groundbreaking

Highlighting Research from the Next Generation of Memory Forensics Practitioners
Andrew Case | Published 2021-05-07T15:13:00.000-04:00 | Updated 2021-05-07T15:13:17.511-04:00
Nearly 2 years ago, we published a blog post about our collaboration with Dr. Golden G. Richard III at the Louisiana State University (LSU) Center for Computation and Technology (CCT). We are very happy to report that this collaboration is still going strong, has been a huge success, and has helped the Applied Cybersecurity Lab at LSU flourish. The students from LSU who have

Malware and Memory Forensics Training Goes Virtual!
Andrew Case | Published 2021-01-26T11:06:00.007-05:00 | Updated 2021-01-26T11:25:45.463-05:00
We are very excited to announce that our popular Malware and Memory Forensics with Volatility training is now available in a self-paced, online format!
Brought to you by members of the Volatility Team, this course gives you the opportunity to learn directly from the people behind the research and development of Volatility, and it offers you a chance to support our ongoing efforts.
The Course
Our

The 2020 Volatility Plugin Contest results are in!
Michael Hale Ligh | Published 2020-11-18T15:34:00.000-05:00 | Updated 2020-11-18T15:34:47.211-05:00
We would like to begin by thanking the participants for their hard work and contributions to Volatility. It’s always exciting to see continued innovation in the field of memory forensics from research teams across the globe! Despite the challenges of this unprecedented year, we had 8 submissions, including a number of new plugins, an output renderer, and a new graphical user interface. This

When Anti-Virus Engines Look Like Kernel Rootkits
Andrew Case | Published 2020-05-27T10:58:00.001-04:00 | Updated 2020-05-27T13:15:14.272-04:00
While analyzing real-world systems, memory analysts will often encounter anti-virus (AV) engines, EDRs, and similar products that, at first glance, look suspiciously like malware. This occurs because these security products leverage the same techniques commonly employed by malware—such as API hooking, system call hooking, and registering callbacks—in order to gain the insight they need to detect

The 8th Annual Volatility Plugin Contest!
Michael Hale Ligh | Published 2020-05-15T16:40:00.000-04:00 | Updated 2020-05-15T16:40:20.328-04:00
We are excited to announce that the 8th annual 2020 Volatility Plugin Contest is now accepting submissions until October 1, 2020!
Winners will receive over 3750 USD in cash prizes!
Volatility 3
The 2020 Volatility Plugin Contest encourages research and development in the field of memory analysis. With the announcement of the Volatility 3 Public Beta (blog post and recent

Results from the 2019 Volatility Contests are in!
Michael Hale Ligh | Published 2019-11-15T12:17:00.000-05:00 | Updated 2019-12-03T16:27:41.732-05:00
We would like to begin by thanking the participants in this year’s contests! This was one of the hardest years for our panel of judges since it had so many outstanding submissions. In the Plugin Contest, there were 11 submissions, which included over 30 new plugins across 3 operating systems. It was also great to see repeat contestants in both the Plugin Contest and the Analysis Contest, and

Announcing the Volatility 3 Public Beta!
Andrew Case | Published 2019-10-29T12:52:00.002-04:00 | Updated 2019-10-29T12:57:47.938-04:00
The Volatility Team is very excited to announce the first public beta release of Volatility 3!
We presented this beta for the first time to OSDFCon attendees and received a very warm reception both during and after our presentation. As always, we are very grateful to our community for the years of support given to our trainings, book, invited speaking engagements, plugin contests, and other

Volatility Malware and Memory Forensics Training in 2020!
Andrew Case | Published 2019-10-22T11:03:00.000-04:00 | Updated 2020-03-20T12:01:00.612-04:00
We are excited to announce that in 2020 we will have 4 public offerings of our highly popular Malware and Memory Forensics training course. These offerings include:
March 9-13, San Diego, CA
April 20-24, Herndon, VA
September 21-25, Amsterdam, NL
October 19-23, Herndon, VA [Date revised from original announcement]
Our incident-driven, cutting-edge material is one of the main

Helping to Build the Next Generation of Memory Forensics Researchers and Practitioners
Andrew Case | Published 2019-07-03T09:09:00.000-04:00 | Updated 2019-07-26T10:19:58.693-04:00
The Volatility Foundation strives to help build and enhance the memory forensics field. This includes funding and supporting the Volatility Plugin and Analyst Contests; sponsoring conferences significant to the open source digital forensics community, such as OSDFCON and BSidesNOLA; and maintaining the Volatility Memory Analysis Framework.
For the past year and a

The 7th Annual Volatility Plugin Contest & the 2nd Annual Volatility Analysis Contest!
Michael Hale Ligh | Published 2019-06-17T11:48:00.000-04:00 | Updated 2019-06-17T11:48:19.827-04:00
It’s that time again! We are happy to announce that the 2019 Volatility Plugin Contest and the 2019 Volatility Analysis Contest are now accepting submissions until October 1, 2019. Winners of each contest will be receiving over 2500 USD in cash prizes and, of course, the highly coveted Volatility swag (t-shirts, stickers, etc.)!
Volatility Plugin Contest
Heading into its seventh year, the

Malware and Memory Forensics Training in 2019!
Andrew Case | Published 2018-11-30T10:53:00.000-05:00 | Updated 2019-08-13T12:01:07.118-04:00
We are excited to announce that in 2019 we will have 3 public offerings of our highly popular and newly updated Malware and Memory Forensics training course. If you would like to join us, our international course will be in London in September, and our US course will be back in Reston/Herndon, VA, during the week of April 8-12, and also in October. We will announce the specific weeks of

Results from the 2018 Volatility Contests are in!
Michael Hale Ligh | Published 2018-11-16T12:52:00.000-05:00 | Updated 2018-11-16T12:52:08.827-05:00
Let’s begin by thanking all of the participants in this year’s contests! This year we hosted the 6th Annual Volatility Plugin Contest, and we introduced the Inaugural Analysis Contest. We were encouraged to see submissions from our community members around the globe. As in previous years of the Plugin Contest, there were a lot of exciting submissions spanning tools created by practitioners in the

The 6th Annual Volatility Plugin Contest and the Inaugural Volatility Analysis Contest!
Unknown | Published 2018-05-22T21:26:00.000-04:00 | Updated 2018-05-22T21:26:36.228-04:00
We are excited to announce that the 2018 Volatility Plugin Contest and the 2018 Volatility Analysis Contest are now accepting submissions until October 1, 2018. Winners of each contest will be receiving over $2500 in cash prizes and the highly coveted Volatility swag (t-shirts, stickers, etc.)!
Volatility Plugin Contest
Heading into its sixth year, the Volatility Plugin Contest encourages

Malware and Memory Forensics Training Headed to Herndon and Amsterdam!
Andrew Case | Published 2018-02-28T10:26:00.001-05:00 | Updated 2018-02-28T11:04:32.904-05:00
After another highly successful year of our Malware and Memory Forensics training, which included sold-out public trainings in Herndon, VA and London as well as several private trainings, we are excited to announce our lineup of public trainings for 2018.
Our first offering will be back in Herndon in April from the 16th to the 20th. This class is already over 80% full, so please contact us