In case you missed it, this is an interesting paper on how to frustrate
a few free memory forensic tools using one-byte modifications to main
computer memory:
https://media.blackhat.com/bh-eu-12/Haruyama/bh-eu-12-Haruyama-Memory_Foren….
The paper examines potential single points of failure in 3 free memory
forensic tools:
1. Volatility
2. Memoryze
3. Responder Community Edition
The reliability of memory forensic tools (both acquisition and analysis)
is a topic which to date has received very little attention (except on
the part of the "bad guys"). Hence, this paper provides some welcome
relief. The paper is marred, however, by its focus exclusively on free
tools. The commercial tools which cost $10K or $100K also may have
defects and it would be interesting to know how they compare to the free
tools. As I remember it, at least one of the commercial tools has a
license provision which prevents you from telling anyone if you find a
defect. So perhaps the author limited his focus due to legal constraints.