http://mnin.blogspot.com/2009/07/new-and-updated-volatility-plug-ins.html
Volatility contributor Michael Hale Ligh has recently released a number of
new and updated plugins.
* idt.py: prints the Interrupt Descriptor Table (IDT) addresses
* driverirp.py: prints driver IRP function addresses
* usermode_hooks2.py: updated usermode hook detection plugin
* kernel_hooks.py: detects IAT, EAT, and in-line hooks in kernel
  drivers
* orphan_threads.py: detects hidden system/kernel threads
* malfind2.py: updated plugin for detecting hidden/injected code in
  usermode processes
His blog post also demonstrates how each plugin can be useful for
detecting different types of malware. Please take some time to test these
plugins and send Michael any feedback you may have. Shouts to MHL for his
contributions to the Volatility community!
Thanks,
AW