volatility | So Long, and Thanks for All the Fish

How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?

Posted on May 15, 2019May 8, 2019 by Andrea Fortuna

The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility

How to analyze a VMware memory image with Volatility

Posted on April 3, 2019February 13, 2019 by Andrea Fortuna

A very brief post, just a reminder about a very useful volatility feature.

AutoTimeliner: automatically extract forensic timeline from memory dumps

Posted on November 19, 2018November 21, 2018 by Andrea Fortuna

Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.

Malhunt: automated malware search in memory dumps

Posted on July 30, 2018July 23, 2018 by Andrea Fortuna

Recently i’ve published this post focused on hunting malware using volatility and Yara rules.

Digital forensics chronicles: image identification issues on large memory dump with Volatility

Posted on July 25, 2018July 19, 2018 by Andrea Fortuna

Spoiler: shame on DumpIT!

Older posts →