Official account of the Volatility Memory Analysis Project and Windows Malware and Memory Forensics Training. volatilityfoundation.org

Joined August 2008
.@volatility New Release: #volatility3 v2.28.0 - visit github.com/volatilityfoundat… for details and downloads. #memoryforensics #dfir
volatility retweeted
I am excited to announce that I will be speaking at @bsidesnash on May 15th. Be sure to attend to see all the latest @volatility 3 plugins against the most sophisticated and devastating malware from the wild!
volatility retweeted
Memory-only malware leaves no trace on the file system & is commonly used by threat actors ranging from criminal organizations to ransomware operators to APTs. In our @volatility 3 training, students gain deep hands-on experience analyzing such threats: memoryanalysis.net/courses-m…
We have announced the winners of the 2025 @volatility #PluginContest! And the First Place is: Daniel Baier for XFRM Inspector. Read the full Contest Results in our blog post: volatilityfoundation.org/the… Congrats to all winners & thank you to all participants! #DFIR #memoryforensics
The 2025 @volatility #PluginContest review is complete! We received 8 submissions from 7 different countries that included 20 plugins! We will be highlighting each #Contender & the winners will be announced on Friday! #DFIR #memoryforensics
We are excited to announce the 2025 @volatility #PluginContest First Place winner is: Daniel Baier for XFRM Inspector. See the full Contest Results: volatilityfoundation.org/the… Congrats to all winners & thank you to all participants! #DFIR #memoryforensics
The annual @volatility #PluginContest continues to highlight how #memoryforensics researchers are innovating & contributing to #Volatility3! Special thanks to the core developers & previous winners who helped review this year's submissions!
We will announce the winners of the 2025 @volatility #PluginContest tomorrow, Friday, Mar 6, so stay tuned! #DFIR #memoryforensics #Volatility3
.@volatility #PluginContest #Contender Théo Letailleur: Journald Extractor automates extraction of Linux journal files cached in memory, along with analysis via the open-source go-journalctl tool to obtain parsed versions of these files from memory. #DFIR #memoryforensics
.@volatility #PluginContest #Contender Kyrre Wahl Kongsgård: Arrow & Parquet Renderers allows #Volatility3 plugin output to be written via the Arrow Parquet renderers, enabling the output to be integrated into tools for modern data analysis workflows. #DFIR #memoryforensics
.@volatility #PluginContest #Contender Diyar Saadi Ali: This submission includes a suite of detection plugins & tools to identify suspicious processes artifacts within the memory sample of a suspected system using a variety of heuristics & indicators. #DFIR #memoryforensics
.@volatility #PluginContest #Contender Kartik Iyer: APCWatch & MalAPC together provide the capability to identify & analyze APC injection attacks in Windows memory forensics, one of the most sophisticated code injection techniques employed by modern malware #DFIR #memoryforensics
.@volatility #PluginContest #Contender Thomas Clark: The EA App Artifacts, MetaHorizonWorlds & SteamArtifacts plugins help investigators with incidents involving popular gaming platforms by scanning memory for relevant processes and artifacts. #DFIR #memoryforensics
.@volatility #PluginContest #Contender Daniel Baier: XFRM Inspector includes a suite of #Volatility3 plugins that perform the extraction of VPN (IPSEC) related artifacts and cryptographic keys from the XFRM Linux subsystem. #DFIR #memoryforensics
.@volatility #PluginContest #Contender Jan-Hendrik Lang: MemoryInvestigator specializes in Windows memory analysis & integrates #Volatility3 and LLMs, including Retrieval-Augmented Generation (RAG) and an enhanced Tree-of-Table Algorithm #DFIR #memoryforensics
.@volatility #PluginContest #Contender Devarjya Purkayastha: PEScan provides an alternative method for analyzing PE files in a memory sample, assigning a threat score to each memory region that contains a PE file & summarizing high/critical regions. #DFIR #memoryforensics
.@volatility New Release: #volatility3 v2.27.0 - visit github.com/volatilityfoundat… for details and downloads. #memoryforensics #dfir
volatility retweeted
We’ve now made our @DEATHCon2025 workshop Building Custom Memory Analysis Tools with the Modern Python Data Ecosystem publicly available. The workshop shows how to build custom memory forensics tools on top of @volatility output using @marimo_io, @duckdb, and @IbisData. We start with an introduction to marimo notebooks, DuckDB, and the Ibis dataframe library, then move into incident response workflows where Volatility plugin output is treated as tabular data stored in DuckDB tables and processed and presented interactively in a notebook environment. From there, we build reusable analysis components, show how marimo’s reactive execution model enables a custom interactive environment for YARA development, demonstrate how to process string data contained in memory dumps, and finally show how to create custom interactive visualizations and widgets. All notebooks, files, and accompanying videos are now available to everyone.
And that’s it! The 2025 @volatility #PluginContest is now closed. Stay tuned for winner announcements in the coming weeks! And good luck to all contenders! #memoryforensics #opensource #dfir
31 Dec 2025
Today is the last day to submit entries to the #PluginContest! This is your chance to gain industry-wide visibility for your work, contribute to an important open-source project, and compete for cash prizes! More details below!👇