Re: [Vol-users] Volatility's Network Connections

I concur with your point about needing to use all three tools.  Each has its own strengths and weaknesses.  I use HBGary Responder Pro primarily and fall over to Volatility or Mandiant Memoryze when I come across something HBGary can't do (or I don't know how to do in HBGary). To your point about analyzing network connections, I have recently observed cases where Volatility "connections" produces no output at all and HBGary does.  In that situation Volatility "connscan" does find connections, but the lists doesn't 100% match HBGary.