We are writing as the second week of the second installment of the Month of Volatility Plugins is now posted. Volatility 2.3 is currently in beta, and the blog posts are focusing on new features in this version. This week's posts discussed a number of new and updated plugins used to analyze Windows systems. The first post discussed recovering RSA Private Keys and SSL Certificates from memory: http://volatility-labs.blogspot.com/2013/05/movp-ii-21-rsa-private-keys-and… The second post discussed recovering information about unloaded kernel modules from memory: http://volatility-labs.blogspot.com/2013/05/movp-ii-22-unloaded-windows-ker… The third post showed how to create timelines with in-memory data using Volatility: http://volatility-labs.blogspot.com/2013/05/movp-ii-23-creating-timelines-w… The fourth post demonstrated how to recover MFT entries and utilize them during investigations: http://volatility-labs.blogspot.com/2013/05/movp-ii-24-reconstructing-maste… The last post highlighted a number of new and updated plugins that are very useful during investigations: http://volatility-labs.blogspot.com/2013/05/movp-ii-25-new-and-improved-win… We hope you enjoy the posts, and the third week of posts will begin tomorrow and cover a number of new plugins to help analyze Linux and Android samples. If you have any questions or comments please comment on an individual blog post or reply to this email. Thanks, Andrew (@attrc)