CISA Develops Factsheet for Free Tools for Cloud Environments
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. Free Tools for Cloud Environments provides network...
Finding Evil in Windows 10 Compressed Memory, Part Three: Automating Undocumented Structure Extraction
This is the final post in the three-part series: Finding Evil in Windows 10 Compressed Memory. In the first post Volatility and Rekall Tools, the FLARE team introduced updates to both memory forensic toolkits. These updates enabled these open source tools to analyze previously inaccessible...
Rekall - Rekall Memory Forensic Framework
The Rekall Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but...
Rekall Memory Forensic Framework
Rekall is an advanced forensic and incident response framework. While it began life purely as a memory forensic framework, it has now evolved into a complete platform. Rekall implements the most advanced analysis techniques in the field, while still being developed in the open, with a free and op...
Dissecting the ZeroAccess Rootkit
The ZeroAccess rootkit isn’t the most well-known or closely watched piece of malware in recent history, but, as an extremely detailed new analysis of the program shows, it is a perfect example of the kind of sophisticated malware that attack crews are using to maintain persistent, silent access t...
James Butler and Peter Silberman talk malware
James Butler and Peter Silberman of MANDIANT talk with Threatpost's Robert Vamosi about malware and their new memory forensic software, Memoryze...