Tuesday, June 6, 2017

Our Newly Updated Memory Forensics and Malware Analysis Course is Headed to Herndon and London!

As we head into summer, we wanted to let everyone know that for 2017 we only have two remaining public offerings of our highly popular and newly updated Malware and Memory Forensics training course. If you would like to join us, our international course will be in London during the week of September 18th - 22nd, and our US course will be back in Herndon during the week of October 16th - 20th.

Our cutting edge materials are one of the main reasons students value our course. We don't teach the same concepts year after year. Instead, we update our class regularly, to stay in sync with (and in some cases, ahead of) the rapidly changing attack surfaces, advances in defense technologies, malware hiding tricks, and operating system forensics artifacts. A few recent additions include:

  • Windows 10 security features, such as Device Guard, Credential Guard, Isolated User Mode, Protected Processes, etc.
  • Challenges of recent hibernation file analysis, the impact of new sleep modes, and hybrid style hibernations 
  • How to analyze RAM backed page files on Windows 10 & memory compression 
  • The Linux subsystem of Windows 10 and the associated memory artifacts
  • Memory-only Powershell and .NET based attacks
  • New event log sources that compliment memory forensics

Not only only will you be learning these memory forensics topics directly from the authors of the Volatility Framework and the Art of Memory Forensics, but you will also receive Volatility stickers, a branded USB drive, a copy of the Art of Memory Forensics (digital or print), and various opportunities to win SyncStops - all nicely documented by a former student:
One of the most popular class contests is our CTF that pits individuals (or teams of two) against the rest of the class, in a challenge that involves analyzing Windows and Linux memory samples in a scenario resembling events that unfolded during the 2016 U.S. Presidential Election.
To continue providing the most up-to-date memory forensics training available anywhere in the world, our instructors constantly perform high impact, real-world DFIR  (1, 2, 3, 4, 5). The knowledge gained during these investigation is immediately transitioned into content and labs for our training courses:

Besides the core knowledge needed to perform effective memory forensics, we also teach the latest tools and techniques for reliable memory acquisition. Students will gain experience using Volexity Surge Collect Pro for robust, fast, and secure collection of Windows memory to local and remote/network-based destinations. Students can purchase Surge licenses at a discounted price during course registration (see Memory Forensics Training FAQ) or separately after the class.

In closing this update, we would again like to thank the DFIR community for its continued support of the Volatility project and our associated training course. In particular, all the newcomers who are just starting to explore memory analysis, as well as our alumni and numerous repeat students who just can't get enough!

On a side note, if you are going to be at DFRWS or Black Hat this summer then be sure to come introduce yourself!

-- The Volatility Team

Thursday, April 20, 2017

The (5th Annual) 2017 Volatility Plugin Contest is Live!

Its that time again, folks! The 2017 Volatility Plugin contest is now live and accepting submissions until October 1st, 2017. Winners of this year's contest will be receiving over $2,250 in cash prizes as well as plenty of Volatility swag (t-shirts, stickers, mugs, sync stops, etc).

The purpose of the contest is to encourage open memory forensics research and development. It is a great opportunity for students to become familiar with memory forensics, develop a master's thesis or PhD project, as well as gain experience that will be very desirable by future employers. For those already in the field, submitting to the contest is a great way to gain experience and visibility in the memory forensics community. After the contest is over we promote the work in our conference presentations, blogs, and social media.

If you are looking for inspiration or to see the past winners, please check out the pages from 201320142015, and 2016. You will find projects that allow for inspection of virtual machines guests from the view of the host, recovery of in-memory browser artifacts, methods to detect stealthy rootkits, and much more.

If you have any questions please feel free to reach out to us. 

We are looking forward to another year of innovative open source research!