Blogs

From ForensicsWiki

[[Computer forensics]] related resources like: blogs, fora, tweets, tools and challenges (and test images).

= Blogs =

== English ==

* [http://www.appleexaminer.com/ The Apple Examiner]
* [http://computer.forensikblog.de/en/ Computer Forensics Blog], by [[Andreas Schuster]]
* [http://www.niiconsulting.com/checkmate/ Checkmate - e-zine on Digital Forensics and Incident Response]
* [http://www.infosecinstitute.com/blog/ethical_hacking_computer_forensics.html Jack Koziol - Ethical Hacking and Computer Forensics]
* [http://windowsir.blogspot.com/ Windows Incident Response Blog], by [[Harlan Carvey]]
* [http://geschonneck.com/ Computer Forensics Blog], by [[Alexander Geschonneck]]
* [http://forensicblog.org/ Computer Forensics Blog], by [[Michael Murr]]
* [http://forenshick.blogspot.com/ Forensic news, Technology, TV, and more], by [[Jordan Farr]]
* [http://unixsadm.blogspot.com/ UNIX, OpenVMS and Windows System Administration, Digital Forensics, High Performance Computing, Clustering and Distributed Systems], by [[Criveti Mihai]]
* [http://intrusions.blogspot.com/ Various Authors - Intrusions and Malware Analysis]
* [http://chicago-ediscovery.com/education/computer-forensics-glossary/ Computer Forensic Glossary Blog, HOWTOs and other resources], by [[Andrew Hoog]]
* [http://secureartisan.wordpress.com/ Digital Forensics with a Focus on EnCase], by [[Paul Bobby]]
* [http://www.crimemuseum.org/blog/ National Museum of Crime and Punishment - CSI/Forensics Blog]
* [http://forensicsfromthesausagefactory.blogspot.com/ Forensics from the sausage factory]
* [http://integriography.wordpress.com Computer Forensics Blog], by [[David Kovar]]
* [http://jessekornblum.livejournal.com/ A Geek Raised by Wolves], by [[Jesse Kornblum]]
* [http://computer-forensics.sans.org/blog SANS Computer Forensics and Incident Response Blog by SANS Institute]
* [http://www.digitalforensicsource.com Digital Forensic Source]
* [http://dfsforensics.blogspot.com/ Digital Forensics Solutions]
* [http://forensicaliente.blogspot.com/ Forensicaliente]
* [http://www.ericjhuber.com/ A Fistful of Dongles]
* [http://gleeda.blogspot.com/ JL's stuff]
* [http://4n6k.blogspot.com/ 4n6k]
* [http://justaskweg.com/ JustAskWeg], by [[Jimmy Weg]]
* [http://blog.kiddaland.net/ IR and forensic talk], by [[Kristinn Gudjonsson]]
* [http://c-skills.blogspot.ch/ c-skills], by [[Sebastian Krahmer]]
* [http://sketchymoose.blogspot.ch/ Sketchymoose's Blog]
* [http://www.swiftforensics.com/ All things forensic and security related], by [[Yogesh Khatri]]
* [http://dan3lmi.blogspot.pt/ Dlog], by [[Daniela Elmi]]

=== Windows ===

* [http://blogs.msdn.com/b/ntdebugging/ ntdebugging - Advanced Windows Debugging and Troubleshooting]

== Dutch ==

* [http://stam.blogs.com/8bits/ 8 bits], by [[Mark Stam]] (also contains English articles; otherwise use the [http://translate.google.com/translate?u=http%3A%2F%2Fstam.blogs.com%2F8bits%2Fforensisch%2Findex.html&langpair=nl%7Cen&hl=en&ie=UTF-8 Google translation])

== French ==

* [http://forensics-dev.blogspot.com Forensics-dev] ([http://translate.google.com/translate?u=http%3A%2F%2Fforensics-dev.blogspot.com%2F&langpair=fr%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

== German ==

* [http://computer.forensikblog.de/ Computer Forensik Blog Gesamtausgabe], by [[Andreas Schuster]] ([http://computer.forensikblog.de/en/ English version])
* [http://computer-forensik.org computer-forensik.org], by [[Alexander Geschonneck]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.computer-forensik.org&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://henrikbecker.blogspot.com Digitale Beweisführung], by [[Henrik Becker]] ([http://translate.google.com/translate?u=http%3A%2F%2Fhenrikbecker.blogspot.com&langpair=de%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])

== Spanish ==

* [http://www.forensic-es.org/blog forensic-es.org] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.forensic-es.org%2Fblog&langpair=es%7Cen&hl=en&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://www.inforenses.com InForenseS], by [[Javier Pages]] ([http://translate.google.com/translate?u=http%3A%2F%2Fwww.inforenses.com&langpair=es%7Cen&hl=es&ie=UTF-8&oe=UTF-8&prev=%2Flanguage_tools Google translation])
* [http://windowstips.wordpress.com El diario de Juanito]
* [http://conexioninversa.blogspot.com Conexión inversa]

== Russian ==

* Group-IB: [http://notheft.ru/blogs/group-ib blog at notheft.ru], [http://www.securitylab.ru/blog/company/group-ib/ blog at securitylab.ru]

= Related blogs =

* [http://www.c64allstars.de C64Allstars Blog]
* [http://www.emergentchaos.com/ Emergent Chaos], by [[Adam Shostack]]
* [http://jeffjonas.typepad.com/ Inventor of NORA discusses privacy and all things digital], by [[Jeff Jonas]]
* [http://www.cs.uno.edu/~golden/weblog Digital Forensics, Coffee, Benevolent Hacking], by [[Golden G. Richard III]]

= Circles/Fora/Groups =

* [http://forensicfocus.com/ Forensic Focus]
* [http://tech.groups.yahoo.com/group/win4n6 Yahoo! groups: win4n6 · Windows Forensic Analysis]

= Tweets =

* [http://twitter.com/#!/search/%23DFIR?q=%23DFIR #DFIR]
* [http://twitter.com/#!/search/%23forensics #forensics]

= Tools =

* [http://www2.opensourceforensics.org/ Open Source Digital Forensics]
* [http://forensiccontrol.com/resources/free-software/ Free computer forensic tools]
* [http://code.google.com/p/libyal/ Yet another library library (and tools)]

= Challenges (and test images) =

* [http://www.dc3.mil/challenge/ DC3 Challenges]
* [http://testimages.wordpress.com/ Digital Forensics Test Images]
* [http://www.forensicfocus.com/images-and-challenges Forensic Focus - Test Images and Forensic Challenges]
* [https://www.honeynet.org/challenges/ Honeynet Project Challenges]
* [http://secondlookforensics.com/linux-memory-images/ Second Look - Linux Memory Images]
* [http://sourceforge.net/projects/nullconctf2014/ NullconCTF2014]

= Conferences =

See: [[:Category:Conferences|Conferences]]

[[Category:Further information]]

Volatility Framework

Latest revision as of 20:02, 29 January 2014

Volatility
Maintainer: AAron Walters
OS: Cross-platform
Genre: Memory Analysis
License: GPL
Website: https://code.google.com/p/volatility/

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License (GPL v2), for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer unprecedented visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

The project was originally developed by and is now headed up by AAron Walters of Volatile Systems.
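To make concrete what "extraction independent of the system being investigated" means, here is an added Python example, written for this page rather than taken from the Volatility project, of the basic carving technique memory-analysis tools rely on: scanning a raw image for tagged kernel allocations and validating each hit from the header alone, with no help from the OS that produced the dump. The header layout is assumed here to be the 8-byte x86-style pool header (PreviousSize:9 / PoolIndex:7, BlockSize:9 / PoolType:7, then a 4-byte tag) with allocations on 8-byte boundaries; the tag `Demo`, the payloads and the 4 KiB "memory image" are all constructed for the demonstration and are not real Windows data.

```python
import struct

# Assumed header layout for this example: the 8-byte x86-style pool header
#   USHORT  PreviousSize:9 | PoolIndex:7
#   USHORT  BlockSize:9    | PoolType:7
#   ULONG   PoolTag
# BlockSize and PreviousSize are counted in 8-byte units, and allocations are
# assumed to start on 8-byte boundaries.
POOL_HEADER = struct.Struct("<HHI")
BLOCK_UNIT = 8

# Hypothetical pool tag used only for this demonstration.
TAG = b"Demo"


def parse_pool_header(buf, off):
    """Decode the header at buf[off:off+8]; return a dict, or None if truncated."""
    if off < 0 or off + POOL_HEADER.size > len(buf):
        return None
    w0, w1, tag = POOL_HEADER.unpack_from(buf, off)
    return {
        "offset": off,
        "previous_size": w0 & 0x1FF,
        "pool_index": w0 >> 9,
        "block_size": w1 & 0x1FF,
        "pool_type": w1 >> 9,
        "tag": tag.to_bytes(4, "little"),
    }


def plausible(hdr, buf):
    """Reject tag hits whose header cannot describe a live allocation."""
    if hdr["block_size"] == 0:          # zero-length block: not a header
        return False
    if hdr["pool_type"] == 0:           # PoolType 0 marks a free block
        return False
    end = hdr["offset"] + hdr["block_size"] * BLOCK_UNIT
    return end <= len(buf)              # block must fit inside the image


def scan_pool_tag(buf, tag):
    """Carve every plausible allocation tagged `tag` from a raw image."""
    hits = []
    off = buf.find(tag)
    while off != -1:
        hdr_off = off - 4                       # tag lives at header + 4
        if hdr_off % BLOCK_UNIT == 0:           # honour the alignment assumption
            hdr = parse_pool_header(buf, hdr_off)
            if hdr is not None and plausible(hdr, buf):
                start = hdr_off + POOL_HEADER.size
                end = hdr_off + hdr["block_size"] * BLOCK_UNIT
                hdr["payload"] = buf[start:end]
                hits.append(hdr)
        off = buf.find(tag, off + 1)
    return hits


def make_allocation(tag, payload, pool_type=1, prev_size=0):
    """Build one header+payload block, padded to 8-byte units (constructed data)."""
    body = payload + b"\0" * (-len(payload) % BLOCK_UNIT)
    block_size = (POOL_HEADER.size + len(body)) // BLOCK_UNIT
    w0 = prev_size & 0x1FF
    w1 = (block_size & 0x1FF) | ((pool_type & 0x7F) << 9)
    return POOL_HEADER.pack(w0, w1, int.from_bytes(tag, "little")) + body


def build_sample_image():
    """A constructed 4 KiB 'memory image' with two live hits and three decoys."""
    img = bytearray(4096)
    live1 = make_allocation(TAG, b"process one", pool_type=1)
    freed = make_allocation(TAG, b"process two, freed", pool_type=0)
    live2 = make_allocation(TAG, b"process three", pool_type=2)
    img[0x100:0x100 + len(live1)] = live1
    img[0x400:0x400 + len(freed)] = freed         # correct header, but freed
    img[0x800:0x800 + len(live2)] = live2
    decoy = b"log: tag=Demo seen"                 # tag inside a string, unaligned
    img[0x600:0x600 + len(decoy)] = decoy
    img[0x704:0x708] = TAG                        # aligned, but header is all zeros
    return bytes(img)


def carve_summary(buf, tag=TAG):
    """Return (offset, pool_type, payload) for each accepted allocation."""
    return [(h["offset"], h["pool_type"], h["payload"].rstrip(b"\0"))
            for h in scan_pool_tag(buf, tag)]


if __name__ == "__main__":
    for off, ptype, payload in carve_summary(build_sample_image()):
        print(f"0x{off:04x} type={ptype} payload={payload!r}")
```

Running it reports only the allocations at 0x100 and 0x800: the freed block, the tag embedded in a log string, and the aligned tag with an all-zero header are all discarded by the header checks rather than by anything the (absent) operating system tells us, which is the property the description above is pointing at. Real scanners add further constraints per object type, but the pattern of "find signature, validate header, bound the block, carve" is the same.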

Plugins

See: List of Volatility Plugins

Memory acquisition drivers

In 2012 Michael Cohen contributed both a Linux and a Windows Open Source memory (acquisition) driver to the Volatility project as part of the Technology Preview (TP) version, aka scudette branch. Since the scudette branch of Volatility has moved on as a separate project, the drivers can now be found as part of the rekall project.

See Also

List of Volatility Plugins

External Links

Official web site: https://code.google.com/p/volatility/
Code repository: http://code.google.com/p/volatility/source/checkout (direct link to source: http://code.google.com/p/volatility/source/browse/)
Volatility Documentation: http://code.google.com/p/volatility/w/list