vol-users,
During last year's OMFW, I gave a presentation on a new Volatility plugin
called dumpfiles[1]. This plugin automates the process of extracting both
memory-mapped and cached files. While we have distributed early versions
of the plugin in the Volatility training classes, we are in the final
stages of testing for its inclusion in the upcoming 2.3 release. If you
have some cycles and interest in helping us test, please send me a note
off-list.
Thanks,
AW
PS: Special thanks to Ikelos, MHL, Gleeda, attc, and Carl Pulley for their
help with earlier versions!
[1] http://volatility-labs.blogspot.com/2012/10/movp-44-cache-rules-everything-…