Thursday, July 31, 2014

Announcing Windows Malware and Memory Forensics in Austin, San Francisco, and Brazil!

Along with the release of The Art of Memory Forensics, we are very happy to announce that we now have the following new Malware and Memory Forensics trainings scheduled:
This is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons we made Volatility open-source is to encourage and facilitate a deeper understanding of how memory analysis works, where the evidence originates, and how to interpret the data collected by the framework's extensive set of plugins. Now you can learn about these benefits first hand from the researchers and developers of the most powerful, flexible, and innovative memory forensics tool.

Michael Ligh (@iMHLv2), Andrew Case (@attrc), and Jamie Levy (@gleeda)
Information on each instructor can be found here.

Registration Process
To request a link to the online registration site or to receive a detailed course agenda/outline, please send an email voltraining [[ at ]] or contact us through our web form.

Past Reviews
Many past reviews of the course can be found on our website here as well as a previous blog post here. We also have some additional feedback from our recent courses:

"Wonderful and mind blowing course" - Lakshmi R., Incident Response 

"that was the best training week that I have spent in my entire career" - Sean M. 

"As relevant (if not more) than any disk based forensics course. Should be required for incident responders / digital forensics investigators" - Christian R., Senior Member of Technical Staff

"A top-notch and highly skilled team presents students with more vaulable information and insight than any other source of info - effectively using the premier memory analysis tool" - Matthew G. 

"This was the most in-depth forensic course I've ever taken. The instructors are top notch and really know the material and concepts behind it. If you're serious about protecting your network, you need to take this course." - Ryan G.

"This is the best forensics training I have ever participated in. You don't just learn what commands to blindly punch in; you gain deep insight into Windows internals, understand how malware can subvert the OS, and how to detect these abuses. Also tons of stuff I can bring home to continue training and apply to my work." - Christian B.

"I've done my share of courses; yours has it all: "wow" factor in class, great expectations, great labs." - Jorge C., IT Security Expert

Monday, July 7, 2014

Volatility at Black Hat USA & DFRWS 2014

Due to another year of open research and giving back to the open source community, Volatility will have a strong presence at both Black Hat USA and DFRWS 2014. This includes presentations, a book signing, and even a party!

At Black Hat, the core Volatility Developers (@4tphi, @attrc, @gleeda, @iMHLv2, and Mike Auty) will be partaking in a number of events including:
  • Releasing Volatility 2.4 at Black Hat Arsenal: This release includes full support for Windows 8, 8.1, Server 2012, and Server 2012 R2, TrueCrypt key and password recovery modules, a switch to GitHub hosting, as well as over 30 new Mac and Linux plugins for investigating malicious code, rootkits, and user activity. 
  • Releasing The Art of Memory Forensics: AMF is over 900 pages of memory forensics and malware analysis across Windows, Mac, and Linux. It will be available for the first time in the bookstore during the pre-conference trainings and briefings.
  • Book Signing for AMF: On Wednesday, August 6th at 3:15PM, in the Black Hat book store, we will be on site for signing books. 
  • Volatility Happy Hour sponsored by The Hacker Academy: This will be an open bar party where you can meet our team, bring books to be signed, and get stickers, t-shirts, and other Volatility swag all while enjoying tasty beverages. You must register (free) if you wish to attend!

Friends of Volatility will also be leading a number of events at Black Hat including Briefing presentations from Silvio Cesare and Andrew Hay and Arsenal demos from Joe Grand, Vico Marziale, Joe Sylve, David Cowen, and Jeff Bryner

At DFRWS, Dr. Golden Richard (@nolaforensix) will be presenting a paper that he and I wrote: In Lieu of Swap: Analyzing Compressed RAM in Mac OS X and Linux. In this paper, we discuss the in-memory, compressed swap facilities of Mac OS X and Linux, their impact on memory forensics investigations, and how we developed Volatility plugins to decompress the caches transparently during the operation of Mac & Linux analysis plugins. 

We hope to see everyone at these events, and we are looking forward to an exciting August!