Recovering tmpfs from Memory with Volatility

  • Andrew Case
    Message 1 of 2 , Aug 13, 2012
      Hello All,

      I just posted a new blog post about recovering tmpfs from memory with
      Volatility:

      http://memoryforensics.blogspot.com/2012/08/recoving-tmpfs-from-memory-with.html

      Anyone that does Linux forensics & IR should find the post interesting.

      Thanks,
      Andrew
    • Daniel Walton
      Message 2 of 2 , Aug 19, 2012
        Great post, very interesting.
        Yeah, tmpfs is very important to be able to parse; I can see this plugin being very useful.

        Windows doesn't have anything as easily available on all systems which will be deleted on reboot to store files, so for Linux this is essential for analysis, as it's a prime place for an attacker to store files.



        From: linux_forensics@yahoogroups.com [mailto:linux_forensics@yahoogroups.com] On Behalf Of Andrew Case
        Sent: Tuesday, 14 August 2012 04:35
        To: linux_forensics@yahoogroups.com
        Subject: [linux_forensics] Recovering tmpfs from Memory with Volatility



        Hello All,

        I just posted a new blog post about recovering tmpfs from memory with
        Volatility:

        http://memoryforensics.blogspot.com/2012/08/recoving-tmpfs-from-memory-with.html

        Anyone that does Linux forensics & IR should find the post interesting.

        Thanks,
        Andrew
