Monday, October 01, 2012

Crawling Out of the Rabbit Hole...

Did everyone miss me? :P

Things have been... how do you say, absolutely crazy at work. This has affected my blogging dear readers, but I am sure you have been keeping yourselves busy. One thing I know I am eagerly looking to catch up on is the Month of Volatility Plugins which concludes this week at OMFW in Herndon. Volatility 2.2 will be officially released (you can already grab it for testing and bug finding) as well as all these additional goodies! I can't wait to go thru all the new plugins and see how they will drastically change my investigations, and hopefully update some classroom material to add the content.

If anyone performs memory analysis, and doesn't have the couple thousand dollars for HB Gary.... Volatility is where it is at.

2 comments:

Thilaknath said...

Hi, I would like to know how to reconstruct a virtual address space using the PDB to extract keys stored by TRUE CRYPT

-Sketchymoose said...

I am not sure I understand what you are asking, using a debug file? If you have the memory dump, you could use bulk_extractor to grab the aes master key....