volatility | So Long, and Thanks for All the Fish

How to analyze a VMware memory image with Volatility

Posted on April 3, 2019February 13, 2019 by Andrea Fortuna

A very brief post, just a reminder about a very useful volatility feature.

AutoTimeliner: automatically extract forensic timeline from memory dumps

Posted on November 19, 2018November 21, 2018 by Andrea Fortuna

Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.

Malhunt: automated malware search in memory dumps

Posted on July 30, 2018July 23, 2018 by Andrea Fortuna

Recently i’ve published this post focused on hunting malware using volatility and Yara rules.

Digital forensics chronicles: image identification issues on large memory dump with Volatility

Posted on July 25, 2018July 19, 2018 by Andrea Fortuna

Spoiler: shame on DumpIT!

Finding malware on memory dumps using Volatility and Yara rules

Posted on July 16, 2018July 5, 2018 by Andrea Fortuna

Previously i’ve talked a lot about Volatility, and i’ve published also some articles about YARA. Today i’d like share a brief and simple workflow, useful for a first high-level analysis of memory dumps in order to search the presence of a generic malware.

Older posts →