David,
To your point about analyzing network connections, I have recently
observed cases where Volatility "connections" produces no output at all
and HBGary does. In that situation Volatility "connscan" does find
connections, but the lists don't 100% match HBGary.
Did you send in a bug report? Are you sure you are using the most up to
date version of "connscan" or connscan2? Have you done any research into
why this may be happening?
I am also a little concerned about what appears to me to be a drop in
development activity around Volatility. Is Mandiant Memoryze going to
take over the top slot? Right now, I see Mandiant Memoryze as third
best behind HBGary and Volatility, but Volatility can't stand still.
Ahhhh...I wouldn't say that development has dropped off. In fact, I know
of a number of amazing projects leveraging the power of Volatility.
There is probably more development going on now than ever before.
Unfortunately, many of the devs have changed the method that they are
releasing plugins/projects or have decided not to release them publicly.
If you are concerned about a drop in development, please feel free to get
involved. This really is a community effort.
For example, does anyone know if there are any plans to provide
functionality similar to HBGary's new Digital DNA in Volatility?
Do you think this would be a useful endeavor? If so, please feel free to
start leading up such an effort. I'm not totally convinced simply telling
me what APIs are being used is particularly useful.
Thanks,
AW