Difference between pages "Memory analysis" and "Cyberspeak podcast"

From ForensicsWiki
(Volatility Labs)
(Started list of interviews)

= Cyberspeak podcast =

A semi-weekly podcast by [[Bret Padres]] and [[Ovie Carroll]], both former [[AFOSI]] agents. The show first aired on 4 Dec 2005.

== Interviews ==

Each week the podcast usually features at least one interview.

=== 2005 ===

* 18 Dec 2005: [[Nick Harbour]], author of [[Dcfldd]]
* 31 Dec 2005: [[Jesse Kornblum]], author of [[foremost]] and [[md5deep]]

=== 2006 ===

* 7 Jan 2006: [[Drew Fahey]], author of [[Helix]]
* 18 Jan 2006: [[Simple Nomad]]
* 21 Jan 2006: [[Johnny Long]]
* 28 Jan 2006: [[Kevin Mandia]]

* 4 Feb 2006: [[Brian Carrier]]
* 11 Feb 2006: [[Jesse Kornblum]]
* 18 Feb 2006: [[Bruce Potter]] of the Shmoo Group
* 25 Feb 2006: [[Kris Kendall]] speaks about malware analysis

...

* 3 Dec 2006: [[Brian Dykstra]]
* 10 Dec 2006: [[Mike Younger]]
* 17 Dec 2006: [[Mike Younger]] and [[Geoff Michelli]]

=== 2007 ===

* 7 Jan 2007: [[Jamie Butler]]
* 17 Jan 2007: [[Chad McMillan]]
* 28 Jan 2007: [[Jesse Kornblum]]

* 11 Feb 2007: [[Scott Moulton]]
* 18 Feb 2007: [[Phil Zimmerman]], creator of [[PGP]], discussing his new [[Zfone]]
* 25 Feb 2007: [[Mark Menz]] and [[Jeff Moss]]

== External Links ==

[http://cyberspeak.libsyn.com/ Official website]

= Memory analysis =

'''Memory Analysis''' is the science of using a [[Memory Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, it has been divided into the following pages:

* [[Windows Memory Analysis]]
* [[Linux Memory Analysis]]

== OS-Independent Analysis ==

At the IEEE Security and Privacy conference in May 2011, Brendan Dolan-Gavitt presented a novel system, [http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf Virtuoso], that was able to perform operating-system-independent memory analysis. Using virtual machine introspection together with a number of formal program analysis techniques, his system monitored the machine-level instructions and behavior of application actions (listing processes, network connections, etc.) and then automatically generated Volatility plugins that replicated this analysis.

== Encryption Keys ==

Various types of encryption keys can be extracted during memory analysis.

* [[AESKeyFinder]] extracts 128-bit and 256-bit [[AES]] keys, and [[RSAKeyFinder]] extracts private and public [[RSA]] keys, from a memory dump [http://citp.princeton.edu/memory/code/].
* [http://jessekornblum.com/tools/volatility/cryptoscan.py cryptoscan.py], a [[List of Volatility Plugins|plugin for the Volatility framework]], scans a memory image for [[TrueCrypt]] passphrases.

== See Also ==

* [[Memory Imaging]]
* [[:Tools:Memory Imaging|Memory Imaging Tools]]
* [[:Tools:Memory Analysis|Memory Analysis Tools]]

== External Links ==

=== Volatility Labs ===

* [http://volatility-labs.blogspot.ch/2012/09/movp-11-logon-sessions-processes-and.html MoVP 1.1 Logon Sessions, Processes, and Images]
* [http://volatility-labs.blogspot.ch/2012/09/movp-12-window-stations-and-clipboard.html MoVP 1.2 Window Stations and Clipboard Malware]
* [http://volatility-labs.blogspot.ch/2012/09/movp-13-desktops-heaps-and-ransomware.html MoVP 1.3 Desktops, Heaps, and Ransomware]
* [http://volatility-labs.blogspot.ch/2012/09/movp-14-average-coder-rootkit-bash.html MoVP 1.4 Average Coder Rootkit, Bash History, and Elevated Processes]
* [http://volatility-labs.blogspot.ch/2012/09/movp-15-kbeast-rootkit-detecting-hidden.html MoVP 1.5 KBeast Rootkit, Detecting Hidden Modules, and sysfs]
* [http://volatility-labs.blogspot.ch/2012/09/movp-21-atoms-new-mutex-classes-and-dll.html MoVP 2.1 Atoms (The New Mutex), Classes and DLL Injection]
* [http://volatility-labs.blogspot.ch/2012/09/movp-22-malware-in-your-windows.html MoVP 2.2 Malware In Your Windows]
* [http://volatility-labs.blogspot.ch/2012/09/movp-23-event-logs-and-service-sids.html MoVP 2.3 Event Logs and Service SIDs]
* [http://volatility-labs.blogspot.ch/2012/09/movp-24-analyzing-jynx-rootkit-and.html MoVP 2.4 Analyzing the Jynx rootkit and LD_PRELOAD]
* [http://volatility-labs.blogspot.ch/2012/09/movp-25-investigating-in-memory-network.html MoVP 2.5: Investigating In-Memory Network Data with Volatility]

[[Category:Memory Analysis]]
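The Encryption Keys section above names AESKeyFinder but does not say how a key can be spotted in a raw dump. The following Python scanner is an added example (not code from ForensicsWiki, AESKeyFinder, or any other project named on this page) showing the underlying idea for the 128-bit case: an AES-128 key in use normally sits in memory next to its precomputed 176-byte key schedule, so every 16-byte window can be treated as a candidate key, expanded, and confirmed only if the following 160 bytes match the expansion. The AES primitives are implemented inline to keep the example dependency free; the "memory image" is a constructed buffer of seeded random bytes with the FIPS-197 Appendix A.1 test key schedule planted at a known offset, and the names `find_aes128_keys`, `build_sample_image`, `SAMPLE_KEY` and `SAMPLE_OFFSET` are this example's own.

```python
"""Locate AES-128 keys in a memory image by finding their expanded key schedules.

Added example: implementations keep the 11 round keys (176 bytes) of an AES-128
key next to the key itself, so a match of all 160 expanded bytes after a
16-byte window is strong evidence of a live key (an accidental match is
astronomically unlikely).
"""
import random

# --- AES building blocks (FIPS-197), derived rather than typed in as tables ---

def _gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^8) elements modulo the AES polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def _gf_inv(x: int) -> int:
    """Multiplicative inverse in GF(2^8), computed as x^254 (0 maps to 0)."""
    result, base, exp = 1, x, 254
    while exp:
        if exp & 1:
            result = _gf_mul(result, base)
        base = _gf_mul(base, base)
        exp >>= 1
    return result if x else 0

def _sbox_entry(x: int) -> int:
    """S-box value: multiplicative inverse followed by the AES affine transform."""
    b = _gf_inv(x)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key_128(key: bytes) -> bytes:
    """Return the 176-byte AES-128 key schedule; its first 16 bytes are the key."""
    assert len(key) == 16
    words = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        temp = words[i - 1]
        if i % 4 == 0:
            temp = bytes(SBOX[b] for b in temp[1:] + temp[:1])      # RotWord + SubWord
            temp = bytes([temp[0] ^ RCON[i // 4 - 1]]) + temp[1:]  # xor round constant
        words.append(bytes(a ^ b for a, b in zip(words[i - 4], temp)))
    return b"".join(words)

# --- The scanner ---

def find_aes128_keys(image: bytes) -> list:
    """Return (offset, key_hex) for each 16-byte window followed by its own key schedule."""
    hits = []
    for off in range(0, len(image) - 176 + 1):
        key = image[off:off + 16]
        # Cheap pre-filter: recompute only the first word of round key 1 and compare.
        w3 = key[12:16]
        t = bytes(SBOX[b] for b in w3[1:] + w3[:1])
        w4 = bytes([key[0] ^ t[0] ^ RCON[0], key[1] ^ t[1], key[2] ^ t[2], key[3] ^ t[3]])
        if image[off + 16:off + 20] != w4:
            continue
        # Full confirmation: all 176 bytes must equal the expansion of the candidate.
        if expand_key_128(key) == image[off:off + 176]:
            hits.append((off, key.hex()))
    return hits

# Constructed sample: the FIPS-197 Appendix A.1 test key, planted in random filler.
SAMPLE_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
SAMPLE_OFFSET = 1000

def build_sample_image() -> bytes:
    """Stand-in for a memory dump: seeded random bytes with one planted key schedule."""
    rng = random.Random(20120901)
    filler = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return filler(SAMPLE_OFFSET) + expand_key_128(SAMPLE_KEY) + filler(2048)

if __name__ == "__main__":
    for offset, key_hex in find_aes128_keys(build_sample_image()):
        print(f"AES-128 key schedule at offset {offset:#x}: key {key_hex}")
```

Run against a real dump, the same loop simply reads the image from disk instead of calling `build_sample_image()`. The pre-filter checks a single expanded word, so almost every window is rejected after four S-box lookups and the full 176-byte comparison only runs on genuine candidates; extending the scan to AES-256 means expanding a 32-byte window to its 240-byte schedule with the same structure.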

Revision as of 13:08, 27 February 2007
