We are very excited to announce that we (The Volatility Foundation)
are hosting a week of Volatility events in October in Arlington, VA!
The week will start with our From the Source event on Monday October
21st. FTS is a one-day conference with speakers across two tracks, and
we have chosen speakers from across the industry who have recently
published ground-breaking research in the areas of memory forensics,
malware analysis, threat intelligence, and other related technical
fields. The day will conclude at the International Spy Museum where we
have booked out the entire venue for our attendees to network and
enjoy. All proceeds from this event will be donated to Connect Our
Kids, a 501(c)(3) nonprofit that is pioneering technology to find
families, build connections, and create community for children in the
foster care system.
From Tuesday the 22nd through Friday the 25th, we will be hosting the
first offering of our popular Malware and Memory Forensics with
Volatility training that is focused exclusively on Volatility 3. This
event will allow attendees to be in the first set of students to learn
Volatility 3 directly from the core development team. We have also
significantly updated the course curriculum and created many new labs.
Those who register for this training will receive complimentary access
to FTS.
Full details of both events can be found here:
https://volatilityfoundation.org/from-the-source-memory-forensics-training/
Please let us know if you have any questions, and we are looking
forward to seeing many of our community members in October!
-- The Volatility Team
The 2024 Volatility Plugin Contest is officially open for submissions!
This is your opportunity to directly contribute to the open-source
forensics community and put groundbreaking capabilities into the hands
of digital investigators.
Gain industry-wide visibility for your work, contribute to an
important open-source project, and win cash, swag, and other great
prizes!
The contest is designed to encourage research and development in the
field of memory analysis – a critical field given the prevalence of
memory-only payloads, malware, and rootkits.
Submissions will be accepted until December 31, 2024.
Full details can be found on our announcement page:
https://volatilityfoundation.org/volatility-plugin-contest/
We are looking forward to another year of creative submissions!
-- The Volatility Team
We are very excited that, for the first time, we are hosting an
in-person, public offering of our popular Malware and Memory Forensics
Training focused solely on Volatility 3! This training takes place
October 22–25, 2024, in Arlington, VA.
This course will allow students to learn the latest version of the
Volatility framework directly from members of the core development
team. Students will also be the first to experience many new lecture
sessions and labs that have been incorporated into the course.
As an added bonus, students who register for this in-person training
will receive a complimentary pass to our “From the Source” event
taking place on October 21, 2024.
For full information on the course and From the Source, please see our
recent blog post:
https://volatilityfoundation.org/in-person-malware-and-memory-forensics-tra…
We are looking forward to seeing many of our community members this
October in Arlington!
-- The Volatility Team
In celebration of the 10th anniversary of The Art of Memory Forensics
and our recent push for Volatility 3 feature parity, we are excited to
announce that we are hosting the first Volatility Foundation
conference, From the Source (FTS), which will be held in Arlington,
VA on October 21, 2024! This event is an intimate one-day summit
offering a unique opportunity to connect in person with pioneering
researchers and practitioners who work on the most advanced digital
investigations. The conference agenda consists of two parallel tracks:
one track is focused on the “makers” who build the open-source tools
relied upon by modern digital investigators; the second track
highlights the “hunters” who have discovered some of the biggest
intrusions of the past year. Unlike most conferences in cybersecurity
these days, we wanted to return the focus to the people who actually
do the technical work! Be sure to follow @Volatility on social media,
as we will be announcing an exciting roster of talks over the next
couple of weeks.
Join industry-leading digital investigators from commercial, academic,
and government organizations from around the world who are looking for
technical content about digital investigations. As a non-profit
charitable event, 100% of the proceeds of the registration fee will be
donated to “Connect Our Kids”, which leverages technology to help
vulnerable children and their families.
As contributors to Volatility and members of the Volatility community,
we wanted to extend an early VIP registration in appreciation of the
years of contributions and support!
- To register for From The Source:
https://events.humanitix.com/from-the-source-hosted-by-the-volatility-found…
- Use access code VOLCOMMUNITY17 to obtain a discounted, early access rate.
- Note that the early registration discount will expire on July 15, 2024.
- There are a limited number of tickets, so register early!
For the remainder of the week following the summit, the Volatility
core development team will also be hosting the first offering of the
Malware & Memory Forensics Training course in person that is focused
exclusively on Volatility 3.
- To register for the Malware & Memory Forensics Training on
Volatility 3: https://events.humanitix.com/malware-and-memory-forensics-training-on-volat….
- It may show it is Sold out; just choose the “Join waitlist” option
to begin the registration process.
- Registration for this in-person training includes a complimentary
pass to the conference.
Please let me know if you have any questions or concerns. We hope you
will consider attending, and we look forward to seeing you!
-- The Volatility Team
We just published a new blog post that details our effort to recover
raw sockets on Windows 10+ systems.
This included reversing of the Windows network stack, verification of
recovery across all operating system versions, and creation of a new
Volatility 3 plugin that automates the recovery.
https://volatility-labs.blogspot.com/2023/08/memory-forensics-r-d-illustrat…
We hope that you enjoy it!
-- The Volatility Team
We are excited to announce that our Malware and Memory Forensics
training course is headed to Amsterdam in October!
Complete details can be found on our blog post announcing the course:
https://volatility-labs.blogspot.com/2023/06/malware-and-memory-forensics-t…
This course is completely updated to cover the latest malware and
threats against Windows 10 and 11 as well as the latest versions of
Linux and Apple Silicon devices.
If you would like to see an example of the research presented in this
course, then check out our recent blog post on detecting hidden
services in Windows 10+ memory samples:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat…
We hope to see many of you in October!
PS: We will be in Vegas this summer, so please let us know if you
would like to meet up with some of the developers!
-- The Volatility Team
The Computer Science department at Louisiana State University (LSU) is
currently hiring for many faculty positions related to applied cyber
security. Courses taught inside this department include reverse
engineering, malware analysis, binary exploitation, memory forensics
and other intensive courses related to incident response and offensive
security.
Ideal candidates will have significant experience with deeply
technical areas of cybersecurity. LSU was recently granted the CAE-CO
designation and is one of only 21 schools nation-wide to hold it as it
is the most technical designation granted by NSA and DHS. The
department also runs a large SFS program for cyber security students.
If you are interested in one of these positions, then please see the
following link. I also ask my industry contacts to please spread the
word within academic communities that you have access to:
https://lsu.wd1.myworkdayjobs.com/en-US/LSU/job/3325-Patrick-F-Taylor-Hall/…
The cybersecurity effort at LSU has strong support from the highest
levels of the school and is rapidly expanding – so now is the perfect
time to join.
PS: I am not employed by LSU, but do work very closely with the CS
department to ensure the courses are relevant to industry and rigorous
enough for students to leave with real-world, hands-on experience. If
you have questions related to the position, then please direct them to
Dr. Golden Richard at LSU: https://www.cct.lsu.edu/~golden/
Thanks,
Andrew
We just published a blog post on creating new Volatility 3 plugins to detect hidden services on Windows:
https://volatility-labs.blogspot.com/2023/03/memory-forensics-r-d-illustrat…
The post covers background on how malware abuses services, how services are tracked on a live system, and how we developed our new plugins.
Feedback and comments encouraged!
— The Volatility Team
We are excited to announce that we are resuming our in-person training course!
The first in-person course of 2023 will take place May 8–12 in Reston,
VA. We are also exploring potential venues for a Fall 2023 course in
Europe.
Full information on the course, including the many new updates being
added for 2023, can be found on our blog post here:
https://volatility-labs.blogspot.com/2023/01/the-return-of-in-person-volati…
We are really looking forward to resuming in-person training, and we
hope to see many of you in Reston. Please let us know if you have any
questions.
-- The Volatility Team