We have had a busy couple of weeks presenting at a number of conferences and workshops, and now finally have the time to distribute our materials.
First is Andrew Case's (@attrc) presentation at the Open Memory Forensics Workshop, which can be found here. This talk covered Volatility's current Linux memory analysis capabilities as well as functionality that will be incorporated in the near future. These new features include Android support and kernel-level rootkit detection.
Second are the slides from our GFIRST presentation on investigating coordinated data exfiltration (here). This talk was co-presented by Golden Richard (@nolaforensix) and Andrew Case. The purpose of this presentation was to show the steps we took when investigating a complex, real-life data exfiltration case. We cover analyzing a number of evidence sources, how to correlate the raw data, and a process for coherently reporting the findings.
Andrew Case also ran a Volatility Linux workshop at the recent Black Hat Vegas Briefings, and the newly developed functionality and plugins will soon be incorporated into the Linux branch of Volatility 2.0.