Explore the groundbreaking features and advancements of Volatility 3, the latest iteration of the world's most advanced memory forensics platform, in this insightful conference talk from OSDFCon 2019. Delve into the evolution of memory forensics from 2006 to 2019, examining how operating system release cycles have changed and the impact on digital investigations. Discover the new capabilities Volatility 3 offers, including extensive API documentation, automated operating system and application support, and advanced analytics tools. Learn about innovative features such as automated version analysis, automatic symbol inclusion, and in-memory hook emulation. Gain insights into the framework's ability to analyze multiple samples simultaneously and its new contributor-focused license. Understand how Volatility 3 addresses the challenges of increasingly large volumes of complex data in digital forensics. Get a first-hand look at this pre-release version and learn how to contribute to its official launch, helping shape the future of memory forensics.
Overview
Syllabus
Intro
Looking Back
Memory Forensics: 2006 vs. 2019
Operating System Release Cycles in 2019 [3, 4]
The History of Vol3
What is New in Volatility 3? Cont.
What is New for Developers? • Extensive API documentation
Supporting Modern and Advanced Analytics • Automating (where possible) operating system and application support
Automated Version Analysis - TrueCrypt vs VeraCrypt [7,8]
Automatic Symbol Inclusion
Automated Emulation of In-Memory Hooks [9]
Automatically analyzing Multiple Samples
Looking Forward
References
Start Using It and Get Involved!
Taught by
BasisTech
