I concur with your point about needing to use all three tools. Each has its own strengths
and weaknesses. I use HBGary Responder Pro primarily and fall over to Volatility or
Mandiant Memoryze when I come across something HBGary can't do (or I don't know
how to do in HBGary).
To your point about analyzing network connections, I have recently observed cases where
Volatility "connections" produces no output at all and HBGary does. In that
situation Volatility "connscan" does find connections, but the lists don't
100% match HBGary.
I am also a little concerned about what appears to me to be a drop in development activity
around Volatility. Is Mandiant Memoryze going to take over the top slot? Right now, I
see Mandiant Memoryze as third best behind HBGary and Volatility, but Volatility can't
stand still.
For example, does anyone know if there are any plans to provide functionality similar to
HBGary's new Digital DNA in Volatility?
If anyone wants to share information or experiences across all three applications or
memory dump analysis in general, feel free to contact me at
david(a)sharpebusinesssolutions.com.
-- David
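One way to work through the mismatch David describes between Volatility's "connections" (which walks the live linked list of connection objects) and "connscan" (which scans memory for connection objects by pool tag and can therefore also pick up objects of connections that have already closed) is to parse both listings and diff them, then single out the connscan-only rows whose PID never appears in the walked list at all. The script below is an added example, not code from the thread or from the Volatility project; the two sample listings are constructed, and the column layout (Local Address / Remote Address / Pid) is an assumption about the text table Volatility 1.3 prints.

```python
import re

# Constructed sample output for this example (not from the thread). The column
# layout is assumed to follow the Local Address / Remote Address / Pid table
# that Volatility 1.3's "connections" and "connscan" commands print.
CONNECTIONS_OUTPUT = """\
Local Address             Remote Address            Pid
------------------------- ------------------------- ------
10.0.0.5:1054             203.0.113.10:80           1108
10.0.0.5:1062             203.0.113.25:443          1108
"""

CONNSCAN_OUTPUT = """\
Local Address             Remote Address            Pid
------------------------- ------------------------- ------
10.0.0.5:1054             203.0.113.10:80           1108
10.0.0.5:1062             203.0.113.25:443          1108
10.0.0.5:1033             198.51.100.7:6667         1412
10.0.0.5:1071             203.0.113.25:443          1108
"""

# One data row: local endpoint, remote endpoint, owning PID.
ROW_RE = re.compile(r"^(\S+:\d+)\s+(\S+:\d+)\s+(\d+)$")


def parse_connections(text):
    """Parse tabular connection output into a set of (local, remote, pid).

    Header lines and dashed rules do not match ROW_RE and are skipped, so the
    same parser serves both commands.
    """
    rows = set()
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.add((m.group(1), m.group(2), int(m.group(3))))
    return rows


def compare(connections_text, connscan_text):
    """Split the two listings into shared rows and rows unique to each side."""
    walked = parse_connections(connections_text)
    scanned = parse_connections(connscan_text)
    return {
        "both": sorted(walked & scanned),
        "only_connections": sorted(walked - scanned),
        "only_connscan": sorted(scanned - walked),
    }


def unknown_pid_rows(result):
    """connscan-only rows whose PID never appears in the walked list.

    These are the rows to review first: the PID may belong to a process that
    has already exited (connscan also finds objects in freed pool memory), or
    to a process that is not reachable through the live list for some other
    reason that deserves explanation.
    """
    live_pids = {pid for _, _, pid in result["both"] + result["only_connections"]}
    return [row for row in result["only_connscan"] if row[2] not in live_pids]


def render(result):
    """Return a short human-readable summary of the comparison."""
    lines = []
    for label in ("both", "only_connections", "only_connscan"):
        lines.append("%s (%d):" % (label, len(result[label])))
        for local, remote, pid in result[label]:
            lines.append("  %-25s %-25s %d" % (local, remote, pid))
    return "\n".join(lines)


if __name__ == "__main__":
    result = compare(CONNECTIONS_OUTPUT, CONNSCAN_OUTPUT)
    print(render(result))
    print("review first:", unknown_pid_rows(result))
```

To use it against a real image, save the output of each command to a file and feed the two strings to compare(); a row that appears only in connscan and whose PID is present in the walked list is usually a closed connection of a still-running process, while a connscan-only row with a PID the walked list never mentions is the one to explain before trusting either listing on its own.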
--- cutaway(a)cutawaysecurity.com wrote:
From: "Don C. Weber" <cutaway(a)cutawaysecurity.com>
To: vol-users(a)volatilesystems.com
Subject: [Vol-users] Volatility's Network Connections
Date: Wed, 6 May 2009 08:48:47 -0500
I wanted to let you know that while using Volatility and several other
memory analysis tools I received some conflicting information associated with
network connections. I did a quick blog post on the subject that can be read
here:
http://www.cutawaysecurity.com/blog/archives/523 . It looks like
Volatility shows more information than the others in some instances.
Also, if you have additional information or detail on this please post a
comment or let me know so that I can add an update to the post.
--
--------------------------
Don C. Weber
Information Security Consultant
Cutaway Security
CISSP, GIAC
#########################################
Website:
http://www.cutawaysecurity.com
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilesystems.com
http://lists.volatilesystems.com/mailman/listinfo/vol-users