We are writing because the third week of the second installment of the
Month of Volatility Plugins is now posted. Volatility 2.3 is currently
in beta, and the blog posts are focusing on new features in this
version. This week's posts discussed a number of new and updated
plugins used to analyze Linux and Android systems.
The first post covered two new methods to detect kernel-level keyloggers:
http://volatility-labs.blogspot.com/2013/05/movp-ii-31-linux-checktty.html
The second post covered using Python and Yara to help with Linux &
Android memory analysis:
http://volatility-labs.blogspot.com/2013/05/movp-ii-32-linuxandroid-memory.…
The third post discussed the updated and now automated bash history scanner:
http://volatility-labs.blogspot.com/2013/05/movp-ii-33-automated-linuxandro…
The fourth post discussed checking the ARM (Android) system call table
and exception vector table for signs of rootkits:
http://volatility-labs.blogspot.com/2013/06/movp-ii-34-checking-arm-android…
The fifth post discussed utilizing the kmem_cache on Android systems:
http://volatility-labs.blogspot.com/2013/06/movp-ii-35-utilizing-kmemcache-…
We hope you enjoy the posts. The fourth and final week of posts
will begin tomorrow and will cover a number of new plugins to help analyze
Mac samples.
If you have any questions or comments, please comment on an individual
blog post or reply to this email.
Thanks,
Andrew (@attrc)