Category Archives: Volatility

VolUtility Release v1.2 – With Authentication Module

VolUtility 1.2 has now been released. If you're not sure what VolUtility is – https://techanarchy.net/tag/volutility/ The main addition here is the new optional Authentication module. It is disabled by default and can be enabled via the config file. Before enabling the Auth module it will need a small amount of setup that is detailed on the wiki; the basic steps are: cd… Read more »

VolUtility Version 1.0 Release

It’s a week late but I finally have enough testing done that I’m happy to call this a 1.0 release. :) If you’re not sure what VolUtility is then read some of the earlier posts: VolUtility a web front end; VolUtility release 0.2; Solving GrrCon 2015; Solving GrrCon 2016. tl;dr: It’s a web front end for the Volatility memory analysis… Read more »

Solving GrrCon 2016 DFIR Challenge

It’s that time of year again and Wyatt Roersma has released the 2016 GrrCon DFIR Challenge. At the time of writing it’s still available to register and download the images from https://ir.e-corp.biz. Once again as these are memory images I am going to try to solve the challenge solely using VolUtility. Word of warning I reveal all the answers :p For the… Read more »

Extracting LastPass Site Credentials from Memory

Let me start by stating this is not an exploit or a vulnerability in LastPass. This is just extracting any data that may remain in memory during a forensics acquisition. At some point the data must be in clear. I was reading the Art Of Memory Forensics (if you don’t own this I highly recommend it). On one of the… Read more »