Awesome post! I forgot about using BE on memdumps. I would also highly recommend
CapLoader. It's really good at pulling pcaps from memdumps and has some other awesome
capabilities as well.
Regards,
Ryan Gibson
________________________________________
From: vol-users-bounces(a)volatilityfoundation.org
<vol-users-bounces(a)volatilesystems.com> on behalf of Andrew Case
<atcuno(a)gmail.com>
Sent: Wednesday, January 28, 2015 6:13 AM
To: 'vol-users(a)volatilityfoundation.org'
Subject: [Vol-users] New blog post on using bulk_extractor with memory forensics
Yesterday we published a new blog post on using bulk_extractor during
memory forensics investigations. The writeup focused on the ability to
create PCAP files of resident network data inside a memory capture. If
you are not using this capability in your investigations then you are
definitely missing out!
http://volatility-labs.blogspot.com/2015/01/incorporating-disk-forensics-wi…
--
Thanks,
Andrew (@attrc)