Conferences Dalvik Inspector Presentations

504ENSICS Recap: What we’ve been up to

Hello from the 504ensics Labs team. We’ve been pretty busy traveling for the last few weeks, so the blog’s been a bit quiet. Now that we’re back we just thought we’d share some of the interesting things we did, saw, and heard. First up was the Open Memory Forensics Workshop (OMFW) near D.C. Joe presented […]


504ENSICS Releases Digital Forensics Tool: SPOTLIGHT INSPECTOR

504ENSICS Labs just released Spotlight Inspector, a free application for computer forensic investigation of Mac OSX computers. Until now, there has never been an effective cross-platform forensics tool for accessing Spotlight internal data from Mac OSX systems – which is where all of the information about files indexed on a computer can be accessed by […]

Conferences Dalvik Inspector Registry Inspector

504ENSICS Labs at Blackhat USA 2013

504ENSICS Labs at Blackhat USA 2013! 504ENSICS Labs Co-Founder, Joe Sylve, will be demoing our new tool, Dalvik Inspector, at Blackhat Arsenal this summer. Co-Founder, Lodovico Marziale, will also be demoing the new Registry Inspector tool at the conference. If you’re at the conference, we’d love to see you stop by!


A Framework for Differential Analysis of Malware in RAM

Current analysis methods for images of RAM are limited in that they are designed to analyze a single memory image at a time. When attempting to analyze malware, it is a common technique to spin up a clean VM, infect it with that malware and then acquire a snapshot of RAM. This infected snapshot is […]

Registry Inspector

Announcing Registry Inspector

Today we’d like to announce the development of Registry Inspector, a new and improved Windows registry analysis tool. Registry Inspector is a fork of the 2.0 branch of the popular Registry Decoder tool, which 504ENSICS Co-Founder, Dr. Lodovico Marziale, and our friend and co-researcher Andrew Case originally developed in 2011. Registry Inspector will feature a […]

Android Dalvik Inspector malware Memory Analysis

Android Application (Dalvik) Memory Analysis & The Chuli Malware

Introduction: In this blog post, we will be presenting new functionality that will be incorporated into the next major Volatility release after version 2.3. This functionality allows for deep analysis of application internals on the Android operating system. All Android applications, such as those downloaded from Google Play, are powered by Dalvik, which is Google’s […]

Conferences Presentations

RSA Conference 2013

We’ve just gotten back from RSA Security in San Francisco. The talk went great as it seemed there were a few hundred people in the room. The gist of the presentation was that registry forensics can be useful for more than just standard forensics investigations. Co-Founder, Dr. Lodovico Marziale, went over three types of scenarios […]


Forensic Analysis of the OS X Spotlight Search Index

Although not yet nearly as widespread as the Windows platform, Mac OS X-based machines are quickly gaining market share, and are now commonly seen in real-world investigations. While some research exists for analysis on this platform, almost none exists for deep parsing of the Spotlight index, which is used by the Mac OS X Spotlight […]


504ENSICS Labs at RSA Conference 2013

We’ve had a talk accepted at RSA Security this March in San Francisco! It’s going to be a huge event, so hopefully some will want to hear more about registry forensics. The talk is titled “Advanced Techniques for Registry Forensics: A Study of Three Scenarios” and is scheduled for March 1 at 10:20 in the […]