Friday, January 25, 2013

BSides is coming to New Orleans!

I am happy to announce that we will be putting on a BSides in New Orleans on May 25. Full information can be found here:

We already have Mike Murray confirmed as our keynote, and have had a few well-known researchers express interest in speaking. The CFP is open until March 11, so start thinking of topics!

Monday, January 14, 2013

Windows Malware and Memory Forensics Training in The Windy City!

The next journey to the center of Windows Memory Forensics starts in Chicago this March! 

We are pleased to announce the second public offering of the Windows Malware and Memory Forensics Training by The Volatility Project. This is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons we made Volatility open-source is to encourage and facilitate a deeper understanding of how memory analysis works, where the evidence originates, and how to interpret the data collected by the framework's extensive set of plugins. Now you can learn about these benefits first hand from the developers of the most powerful, flexible, and innovative memory forensics tool. 

Appraisal from your peers who attended the first course this past December:

Please see the following details about the upcoming training event:

Dates: Monday, March 18th through Friday, March 22nd 2013
Location: Downtown Chicago, IL (exact location will be shared upon registration)
Instructors: Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda)

For more information about the course, view the Volatility Training Flyer (to download a copy of the PDF, click File > Download). To request a link to the online registration site or to receive a detailed course agenda/outline, please send an email voltraining [at]

The 1st Annual Volatility Framework Plugin Contest

We are pleased to announce the 1st Annual Volatility Plugin Contest. This contest is inspired and modeled after the Hex-Rays Plugin Contest.  As in the case of IDA, Volatility was designed with the belief that talented analysts should only be limited by their creativity not the tools they use. In this spirit, Volatility has a flexible architecture that can be extended in numerous ways: analysis plugins (operating system plugins, application plugins, etc), volshell commands, address spaces, profiles, or user interfaces. This contest is intended to inspire people to demonstrate their creativity, become a memory analysis pioneer, win the admiration of your peers, and give back to the community.

The contest is straightforward: Create an innovative and useful extension to The Volatility Framework and win the contest!

  • 1st place wins one free seat at any future Windows Malware and Memory Forensics Training *or* 1500 USD cash
  • 2nd place wins 500 USD cash
  • 3rd place wins 250 USD cash
  • 4th and 5th place wins Volatility swag (T-shirts, Stickers, etc)

Everyone but the Volatility core developers can participate.

Rules of Engagement

  1. The goal of the contest is to create innovative, interesting, and useful extensions for The Volatility Framework. While extensions written in Python are preferred, extensions written in other languages will also be considered.
  2. The submitted extensions should work with the Volatility 2.2 (or greater) release and should have been implemented after the initial contest announcement (1/14/2013).
  3. The top 5 winners of the contest will get the prizes mentioned above.
  4. Volatility core developers are not eligible.
  5. Submissions should be sent to The submission should include the source code, a short description of how the extension is used, and a signed "Individual Contributor License Agreement".
  6. By submitting an entry, you declare that you own the copyright to the source code and are authorized to submit it.
  7. All submissions should be received no later than August 1, 2013. The winner will be announced the following week. We recommend submitting early. In the case of similar submissions, preference will be shown to early submissions.
  8. The Volatility Project core developers will decide the winners based on the following criteria: creativity, usefulness, effort, completeness, submission date, and clarity of documentation.
  9. In order to collect the cash prizes, the winner will need to provide a legal picture identification and bank account information within 30 days of notification. The bank transfer will be made within two weeks after the winner is authenticated.
  10. Group entries are allowed; the prize will be paid (or seat will be registered, if the training option is desired) to the person designated by the group.
  11. Upon approval from the winners, their names/aliases will be listed on the "Volatility Hall of Fame" web page for the world to admire.
  12. Selected contestants may also be asked to present their work at the 2013 Open Memory Forensics Workshop or have their research featured on the Volatility Labs Blog.


A special thanks goes out to the Hex-Rays team for providing the inspiration and template for this contest.