Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
Tag: volatility
How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?
The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility
How to analyze a VMware memory image with Volatility
A very brief post, just a reminder about a very useful volatility feature.
AutoTimeliner: automatically extract forensic timeline from memory dumps
Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.
Malhunt: automated malware search in memory dumps
Recently i’ve published this post focused on hunting malware using volatility and Yara rules.