The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books; "Windows Forensic Analysis 2/e", "Windows Registry Forensics", "Windows Forensic Analysis Toolkit 3/e",
as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".
Tuesday, April 14, 2009
New Volatility Plugins
Andreas has posted a couple of new Volatility plugins recently that look really interesting, in that he provided the capability to link file objects to processes, as well as scanning a memory dump for driver objects.
Posts
No comments:
Post a Comment