Tag Archives: Volatility


Volatility Malware Analysis

For the second part of our Volatility project, we wanted to determine whether we could find traces of malware in a system that had been put into hibernation mode. When a user puts their computer into hibernation, a hiberfil.sys file is created. If a system has malware running in the background and is then put into hibernation, we hypothesized that hiberfil.sys would retain remnants of the malicious code.


Volatility Plugins

Volatility, the memory forensics framework, is equipped with an abundance of powerful plugins, and this number is continuously growing. It is important for law enforcement to understand which plugins to use and when, as well as how to get them to function properly. Testing and running the different commands within Volatility was the first part of our project.


Volatility Introduction

For about a month now, a team of students led by Forensics Intern Catherine Stamm has been working on a Volatility project at the LCDI. Volatility is an open source memory forensics framework that is capable of analyzing memory dumps for malware analysis, registry hive scans, and searches for hidden processes, among other things. Team members include Computer and Digital Forensic majors Daniel Doonan and David Leberfinger and programmer Connor Hicks.