You made memory forensics so easy to understand for a newbie like me. I’m now more interested in practicing forensics. Hats off to to you sir Monnappa!
One of the best presentations that I ever attended. I feel I learned at each and every second of the presentation. Very engaging talk. The experience and the expertise of Monnappa on Volatility framework is incredible. Great work. :)
By far, one of the best videos in terms of understanding the processes used and the different commands with Volatility. Will be watching again so I can practise on my own examples with Volatility3.
What a voice sir, it is so clear and your approach to each objective is definitely whelming. Thank you for such a great demonstration, felt like learnt and dealt with my investigation. Tahnk you once again.
i really liked this presentation; very informative and, indeed, practical. I'm sure I'm not alone in my disappointment for what defcon and black hat have become. What's more; the infosec industry in the east seems much less superficial and sexy, which is why the best presentations come from people who live outside the US, Canada, Western Europe. Feels like that, anyway.
Hi sir, I'm doing a project on "Primary Memory Analysis". I have a question how can I undergo the live memory forensic, in which computer system I need to undergo, can I do on my personal laptop and what are the programs I need to run or do I need to download memory dump from the Internet containing malware? Could you plz advice.
Vmem is a memory dump from a VMware machine. Easiest and cleanest way to obtain it is to snapshot an infected VM and look for this file on the folder the VM is at. You can then run volatility on it without the need to converting it to a raw dump
The dizzying array of tools and techniques... it's mindboggling. Don't we all agree that the root cause of all these issues is... Windows? Ditch that shit OS.