Volatility v2.0 An advanced memory forensics framework release

Volatility advanced memory forensics framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, yet offer unprecedented visibility into the runtime state of that system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.

Highlights of this release include:

  • Restructured and depolluted namespace
  • Usage and Development Documentation
  • New Configuration Subsystem
  • New Caching Subsystem
  • New Pluggable address spaces with automated election
  • New Address Spaces (i.e. EWF, Firewire)
  • Updated Object Model and Profile Subsystems (VolatilityMagic)
  • Support for Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7
  • Updated Scanning Framework
  • Volshell integration
  • Over 40 new plugins!

Download Version :


WebBackdoors , Attack, Evasion and Detection:

Abstract: This paper provides insight into common web backdoors and how simple manipulations can make them undetectable by antivirus (AV) products and other security suites. It explains a few techniques that can be used to plant an undetected and unnoticed backdoor inside a web application.
This paper is mainly an update to an earlier paper of ours, Effectiveness of Antivirus in Detecting Web Application Backdoors, which questioned the effectiveness of AV against web shells and analysed a couple of them. The current paper takes the topic further and explains a couple of methodologies for building stealthy application-layer backdoors in web scripting languages, covering various web backdoor attacks and the evasion techniques used to stay undetected.

Web Application Backdoors:

These are simple scripts, written in the web application's own programming language, that serve an attacker as a backdoor into the environment hosting the application.

Detection Methods [Signature Based Detection]

With this technique the antivirus software needs a signature for the backdoor, which means the vendor must already have obtained a copy of that backdoor for analysis.

Download this Paper: http://www.garage4hackers.com