vol-users,
In case any subscribers don't follow the Volatility tumblr
(http://volatility.tumblr.com/), I wanted to highlight some new
tools/plugins.
Michael Hale Ligh just released a new Volatility plugin, malfind.py, to
find and extract hidden and/or injected code from physical memory samples.
He even provides a video demonstrating how it works. Shouts to MHL!
http://mnin.blogspot.com/2009/01/malfind-volatility-plug-in.html
http://www.mnin.org/code/malfind.py
http://www.mnin.org/video/malfind/malfind.html
Brendan Dolan-Gavitt released a new plugin for Volatility called moddump.
Moddump allows a memory forensics analyst to extract kernel modules from
physical memory. Simply add it to your memory_plugins directory and start
dumping kernel modules. Shouts to Brendan!
http://moyix.blogspot.com/2008/10/plugin-post-moddump.html
http://kurtz.cs.wesleyan.edu/~bdolangavitt/memory/moddump.py
Finally, Gleeda publicly released vol2html. vol2html is a Perl script that
takes the output of Volatility and creates an HTML report. Shouts to
Gleeda!
http://gleeda.blogspot.com/2008/11/vol2html-perl-script.html
Thanks,
AW