Strings on Windows

October 23, 2014

The Many Shapes and Sizes of Strings on Windows Earlier this week I was toying around with the idea of implementing a lnk file parser in the go language. Yes, I occasionally do things like this for fun. Just to get a feel for things, I grabbed the most easily...

Announcing the BETA release of DAMM

September 17, 2014

Announcing the BETA release of DAMM, a FOSS memory analysis platform built on top of Volatility Memory analysis is the new(-ish) big thing in the incident response, malware analysis, digital forensics space for the moment, and so all the cool kids seem to be doing it. While memory analysis is...

Automated Volatility Plugin Generation with Dalvik Inspector

May 23, 2013

Introduction In this blog post we will be demonstrating a new feature to the Dalvik Inspector tool, which we are planning on releasing this summer at Black Hat USA. Specifically we have added functionality to the Dalvik Inspector GUI for automatic Volatility plugin creation. To accomplish this, we have developed...

Android Application (Dalvik) Memory Analysis & The Chuli Malware

April 1, 2013

Introduction In this blog post, we will be presenting new functionality that will be incorporated into the next major Volatility release after version 2.3. This functionality allows for deep analysis of application internals on the Android operating system. All Android applications, such as those downloaded from Google Play, are powered...