Hello from the 504ensics Labs team. We’ve been pretty busy traveling for the last few weeks, so the blog’s been a bit quiet.
Now that we’re back we just thought we’d share some of the interesting things we did, saw, and heard.
First up was the Open Memory Forensics Workshop (OMFW) near D.C. Joe presented some further research on Dalvik memory forensics, and issued a call to arms to the memory forensics community to help with some outstanding problems – the most important being the difficulty in acquiring memory dumps from Android devices when the kernel sources are not made available.
There were some really cool talks on Volatility, including that there is a new 3.0 release in the works that will make the framework easier to use and extend, and that the long-awaited Linux and OS X support has been released.
George Garner also gave a spooky talk on some undeniably cool malware techniques in the wild, like hiding in CD-ROM drive firmware and propagating infection through burned disks!
Next up was the Open Source Digital Forensics Conference (OSDF) in the same place as OMFW. There were more fun talks, especially about the work going on with the new Autopsy. There was interest expressed in including a Scalpel module in the framework, so we’ve begun work to make that happen. Hopefully this will also result in a long-overdue Scalpel release.
Then we made a trip back down south for BSIDES Jackson, which was great fun with some great friends. Can’t wait to see what they have in store for 2014!
Most recently I went to NYU Poly for the THREADS conference, a part of the Cyber Security Awareness Week (CSAW). At THREADS, the entire program consisted of talks by performers on DARPA Cyber Fast Track (CFT) grants. I gave a short presentation on the current state of my malware research: using differential analysis of multiple snapshots of RAM to detect the presence and activity of malware. There seemed to be some genuine interest in the technique, so I’ll continue to pursue better and better results. Keep an eye out here, as I may be looking for some beta testers in the near future for a new tool release!
Well, that’s what we’ve been up to. Did we miss anything cool?