Announcing the Official Parity Release of Volatility 3!


The Volatility Foundation - Promoting Accessible Memory Analysis Tools Within the Memory Forensics Community
Extracting Memory Objects with MemProcFS/Volatility3/Bstrings: A Practical Guide

https://www.cyberengage.org/post/step-by-step-guide-to-uncovering-threats-with-volatility-a-beginner-s-memory-forensics-walkthrough


The 2024 @volatility #PluginContest review is complete! We received 6 submissions from 6 countries for 7 #Volatility3 plugins, a Linux profile generation tool & 9 supporting utilities!

We are excited to announce that the @volatility #PluginContest First Place winner is:

Valentin Obst for btf2json

Read the full Contest Results:
https://volatilityfoundation.org/the-2024-volatility-plugin-contest-results-are-in

Congrats to all winners & thank you to all participants!

#DFIR #memoryforensics

The 2024 Volatility Plugin Contest results are in!

Results from the 12th Annual Volatility Plugin Contest are in! We received 6 submissions, from 6 different countries, that included 7 plugins, a Linux profile generation tool, and 9 supporti…


Doing some interesting #memoryforensics on @signalapp tonight. Still would trust them with my life, and the lives of my friends, but interesting stuff in the memory.

For instance, people I haven't talked to in 3 years showed up in the memory dump with a field called "SharedGroupNames" that listed every group that both I and that individual were associated with.

Also, the "LastMessage" field was often populated with a plaintext version of the last thing the individual had messaged me.

@volexity Volcano Server & Volcano One v25.02.21 adds 300 new YARA rules; consistent Bash/ZSH history & sessions from Linux/macOS memory and files; and parses Linux systemd journals, macOS unified logs, and Windows USNs (search + timeline for all).

This release also extracts cmd history from Windows 24H2 RAM; and adds admin options for SAML and S3 bucket watching.

For more information about Volcano Server & Volcano One, contact us: https://volexity.com/company/contact/

#dfir #memoryforensics #memoryanalysis


It’s great to see NCSC drawing attention to the ongoing issues with network devices & appliances. https://www.ncsc.gov.uk/news/cyber-agencies-unveil-new-guidelines-to-secure-edge-devices-from-increasing-threat

Hopefully, vendors will heed the volatile data collection guidance: “Volatile data logging should support collection of… memory both at a kernel and individual process level.”

As reported in several of our recent blog posts, #memoryforensics of edge devices plays a critical role in helping to understand vulnerabilities and perform post-exploitation investigations: https://www.volexity.com/blog/tag/edge-device/

No ‘Ware To Hide!

#dfir

Cyber agencies unveil new guidelines to secure edge devices from increasing threat

New guidelines encourage device manufacturers to include and enable standard logging and forensic features that are robust and secure by default.

Interested in searching for unknown malicious software? Our team in Microsoft Research is hiring. The position can be fully remote.

https://jobs.careers.microsoft.com/global/en/share/1802075/

#FediHire #MemoryForensics #ReverseEngineering

Senior Security Engineer in Redmond, Washington, United States | Security Engineering at Microsoft

On Thursday, Feb 6, @attrc will be at @WWHackinFest to present "Effectively Detecting Modern Code Injection Techniques with Volatility 3". See the full conference agenda here: https://wildwesthackinfest.com/wild-west-hackin-fest-at-mile-high-2025/agenda-for-wwhf-mile-high-2025/

#dfir #memoryforensics #Volatility3 @volatility
Agenda for WWHF @ Mile High 2025 - Wild West Hackin' Fest

Detected a C2 framework in RAM today with velociraptor. Dumped the process memory with velo, created a zignature with radare2.

Never thought I'd ever reach that level...

Blogpost and velo artifact incoming

#velociraptor #radare2 #detection #c2 #MemoryForensics #DFIR

Releases · volatilityfoundation/volatility3