🔍 Orochi is a modern, distributed memory forensics platform built on Volatility 3, Django, and Dask. A powerful solution for collaborative DFIR investigations, threat hunting, and large-scale memory analysis. 📖 Read here: [hackersmail.com/blog/orochi-…] 💻 GitHub: github.com/LDO-CERT/orochi #CyberSecurity #DFIR #MemoryForensics #DigitalForensics #OpenSource #InfoSec
Aether: Windows Memory Forensics & Threat Hunting Tool
Aether is an open-source Windows memory forensics and threat hunting tool written in Zig. It is designed to scan live process memory for malicious patterns, process injection techniques, reflective .NET assembly loading, and other indicators of compromise while reducing false positives through a multi-layer detection model.
Key capabilities include:
• Memory signature scanning
• Process hollowing detection
• APC injection detection
• Thread hijacking detection
• Reflectively loaded .NET assembly detection
• RWX memory region identification
• Hook and trampoline detection
• Memory snapshot collection for offline analysis
• PEB and module integrity validation
Aether is positioned as a tool for threat hunters, DFIR teams, malware analysts, and security researchers investigating suspicious processes and memory-resident threats on Windows systems. (GitHub)
GitHub: github.com/0xsp-SRD/aether
⚠️ Disclaimer: CyHawk Africa has not independently tested or audited this tool. This post is shared for cybersecurity research and awareness purposes only. Organizations should evaluate security tools in a controlled environment before deployment.
#CyberSecurity #ThreatHunting #DFIR #MemoryForensics #IncidentResponse #MalwareAnalysis #WindowsSecurity #CyHawkAfrica
🔎 Memory forensics analysis of a compromise associated with StrelaStealer via PowerShell, WebDAV and Rundll32
RAM remains one of the most valuable sources of evidence in DFIR. Analysing it makes it possible to identify active processes, command lines, parent-child process relationships and artefacts that, in many cases, leave no persistent trace on disk.
In this case, the investigation concerned a workstation in a financial environment that generated multiple anomalous-behaviour alerts. Using a memory dump analysed with Volatility 3, it was possible to reconstruct a compromise chain based on Living Off The Land (LotL) techniques and attribute the activity to StrelaStealer.
The investigation identified the execution of PowerShell in hidden mode, followed by the use of Net.exe to access a remote WebDAV share. The attacker then used Rundll32.exe to execute a DLL hosted directly on adversary-controlled infrastructure.
The observed sequence reflects the abuse of LOLBins, a technique that leverages legitimate operating-system binaries to run malicious code and hinder detection by traditional security solutions.
Correlating processes, execution arguments and user context made it possible to determine that the activity was carried out under an account with administrative privileges, significantly increasing the potential impact of the incident.
Finally, analysis of the payload and the infrastructure used made it possible to link the activity to StrelaStealer, malware specialised in stealing credentials from e-mail clients.
Reconstructed attack chain:
• Hidden PowerShell execution
• Connection to a remote WebDAV share
• Access to the payload via Net.exe
• Remote DLL execution with Rundll32
• Deployment of StrelaStealer
• Operation under administrative privileges
MITRE ATT&CK techniques identified:
• T1059.001 – PowerShell
• T1105 – Ingress Tool Transfer
• T1218.011 – Rundll32
• T1106 – Native API
This case shows how memory analysis makes it possible to reconstruct a complex intrusion from volatile evidence, and how combining DFIR, Threat Intelligence and MITRE ATT&CK is key to understanding and attributing a threat.
• Full article in the first comment
#DFIR #MemoryForensics #DigitalForensics #IncidentResponse #ThreatHunting #ThreatIntelligence #MalwareAnalysis #StrelaStealer #Volatility #MITREATTACK #WindowsForensics #SOC #BlueTeam #CyberSecurity #CSIRT #Infosec #ThreatDetection #ForensicAnalysis #WindowsSecurity #DFIRCommunity
We are excited to welcome our 2026 #summerinternship students from @ND_CSE, @umdcs & @MAGEUMD! Over the next few months, they will be working alongside our engineering and threat intelligence teams on core software development and #memoryforensics research. Learn more about our program and future opportunities: volexity.com/internships/ #dfir
> What is meant by: Memory Forensics (RAM Analysis)
> Memory Forensics, or RAM Analysis, is a digital investigation method used to examine the data held in the RAM (Random Access Memory) of a computer or other device while it is running.
> RAM is the temporary memory a computer uses while carrying out its various tasks. In RAM one can find running processes, open applications, network connections, user sessions and other important data that is in use at that moment.
> One of the main reasons memory forensics is so important is that some data never persists on the hard disk. Once the device is powered off, most of what is in RAM disappears, which makes it a crucial place to collect evidence before it is lost.
> Through memory forensics, one can identify the active processes that are running, the network connections that have been opened, user activities, and also some kinds of malware that run covertly without ever writing themselves to the hard disk.
> It is also possible to recover other important data such as open files, browser sessions and sometimes even encryption keys, which help investigators understand how an attack or problem occurred.
> Memory forensics work begins with taking a complete copy of RAM, known as a memory dump, which is then analysed using tools such as FTK Imager (our students already know how to work with it), as well as DumpIt, WinPmem and Volatility.
> This field is very important in Incident Response, Malware Analysis, Threat Hunting and Digital Forensics because it helps security professionals find out what is happening directly inside the system. #Cybersecurity #MemoryForensics #RAMAnalysis
Memory Forensics Using Volatility Framework 📲 Telegram: t.me/hackinarticles Discover how investigators analyze RAM memory dumps to uncover hidden processes, credentials, and malicious activity during forensic investigations. 🕵️‍♂️💻 💡 Key Takeaways: 🧠 Memory Acquisition Basics 📦 Supported Memory Dump Formats 🔍 Image Profile Identification ⚙️ Volatility Plugins & Commands 🧾 Process & Network Artifact Analysis 🔐 Credential & Registry Extraction 📖 Full Guide: hackingarticles.in/memory-fo… #Volatility #MemoryForensics #DFIR #DigitalForensics #CyberSecurity #HackingArticles #Infosec
The latest @DarknetDiaries (Ep. 174: Pacific Rim) offers a look at state-sponsored groups targeting perimeter infrastructure & edge devices. Thanks @JackRhysider for mentioning our work! @Volexity’s detection and response efforts combined network visibility, host-based analysis, #threatintelligence & #memoryforensics, enabling us to discover these complex #0days being exploited in the wild. Read our blog post for the original research mentioned: volexity.com/blog/2022/06/15…
Ep 174 "Pacific Rim" is now live! 🔊 Sophos got attacked by a nation state actor. How they handled it is controversial. Curious what you would have done. darknetdiaries.com/episode/1…
.@Volexity Volcano Server & Volcano One v26.04.27 adds memory analysis for arm64 Windows, memory-only .NET assemblies, SRUM database, Linux systemd units, history & timers from RAM. This release also adds detection of AppleScript usage, cleared Windows event logs, AV scanning of files & deployments across AWS accounts. Contact us for more information: volexity.com/company/contact… #memoryforensics #memoryanalysis #dfir
.@volatility New Release: #volatility3 v2.28.0 - visit github.com/volatilityfoundat… for details and downloads. #memoryforensics #dfir
🎖️ The Digital Forensics Fundamentals course is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: wa.me/51949304030 🌐 reydes.com/e/Curso_Fundament… #memoryforensics #networkforensics #forensictools #digitalevidence #cybercrime #dfir #digitalforensics
Most memory forensics training ships you a pre-built memory image and asks you to run Volatility against it. That's like learning incident response by reading someone else's IR report. We took a different approach with Applied Memory Forensics. You build three VMs. You execute the attack yourself from Kali. You capture the memory. You analyze what YOUR attack left behind. Process injection? You run the Meterpreter migration, capture the memory, and find the injected region in the VAD tree of the process you just migrated into. Credential theft? You run Mimikatz via Meterpreter, capture LSASS, and extract the hashes yourself. Kernel rootkit? You compile a proof-of-concept driver, load it, and detect it through pool tag scanning. 7 attack techniques. 11 memory captures. All yours. MF0 and MF1 are free — no account needed. You'll build the lab and capture your first baselines. Course Access: training.ridgelinecyber.com/… #DFIR #MemoryForensics #Volatility3 #CyberSecurity #BlueTeam
BLACK HAT ASIA SPEAKER SPOTLIGHT SERIES 💡
Meet Toyofumi Sawa @_Tyojan, Ph.D. candidate at the Institute of Information Security (Japan), as he answers three key questions in our latest Spotlight video:
👉 What are you most excited about for Black Hat Asia 2026?
👉 What will your session focus on?
👉 What’s one key insight or takeaway attendees can expect?
Catch his Black Hat Asia Briefing, “Breaking the Illusion of Key Zeroization: How OS, Libraries, and Hardware Keep Your AES Keys Alive,” where he uncovers why cryptographic keys often persist in memory despite zeroization—and what this means for real-world system security. 🔐⚠️ Don’t miss his deep dive into key persistence, system-level behavior, and cryptographic risk: bit.ly/46smjXh #BHASIA #Cybersecurity #Cryptography #SystemSecurity #MemoryForensics
Operation #PhantomCLR. #CYFIRMAresearch uncovers a highly sophisticated post-exploitation framework. The campaign leverages .NET #AppDomainManager #hijacking to abuse a legitimate, digitally signed Intel binary (IAStorHelp.exe), transforming it into a stealthy execution container without modifying the original file. This allows malicious code to execute within a trusted environment, effectively bypassing traditional EDR and antivirus defenses. Overall, this #APT-grade framework highlights the growing trend of trusted binary abuse and fileless, in-memory execution. #ThreatIntelligence #MalwareAnalysis #CyberSecurity #ThreatHunting #MemoryForensics #CYFIRMA cyfirma.com/research/operati…
🎖️ The Computer Forensics course is permanently available in the virtual classroom for immediate access. 📲 WhatsApp: wa.me/51949304030 🌐 reydes.com/e/Curso_de_Inform… #digitalforensics #dfir #computerforensics #memoryforensics #diskforensics #datarecovery #cybercrime
Investigated a system crash scenario using only a memory dump, where the h@çķ€R had stolen information but deleted a very important file after the system was compromised. By analysing volatile memory, I was able to trace process execution, recover hidden artifacts, and reconstruct user activity that never touched disk. What looked like a simple failure revealed a chain of actions preserved in RAM. In digital forensics, memory often holds the truth when everything else is gone. @RedHatPentester @elormkdaniel #MemoryForensics #DFIR #DigitalForensics #CyberSecurity #Volatility #IncidentResponse #Infosec
Most people think once something isn’t saved on a computer, it’s gone. Not true. Right now I’m working on a memory forensics case, and it’s crazy how much you can recover from just RAM. Running programs, hidden activity, even things that never touched the hard drive. Sometimes the real story is in memory, not storage. #CyberSecurity #MemoryForensics #DigitalForensics #TechLife #DFIR @elormkdaniel @RedHatPentester
🔥#HighlyCitedPaper 🖥️A Comprehensive Literature Review on Volatile Memory Forensics 🔗Read at: mdpi.com/2079-9292/13/15/302… Authors from @KingFaisalUnive #cybersecurity #MemoryForensics #ForensicTools #VolatileMemory #DigitalInvestigations
TOTAL RECALL 2024 - Memory Forensics Self-Paced Learning/Challenge/CTF #MemoryForensics #CTF #IncidentResponse #DigitalForensics #Cybersecurity securitynik.com/2024/03/tota…
This is why incident response teams rush to capture memory first. RAM holds the live story of what really happened on a system, from running processes and decrypted browser sessions to fragments of chats, credentials and unsaved work. Attackers know this too, which is why many modern threats try to stay fileless and avoid leaving evidence on disk. In investigations, memory analysis can expose lateral movement, injected malware, command history and active network connections that would never appear in traditional disk forensics. It turns volatile data into actionable intelligence. Digital evidence does not only live in files. Sometimes the strongest evidence is what was never written to storage. Well done my brother ❤️ #MemoryForensics #DFIR #IncidentResponse #Volatility #CyberSecurity #DigitalForensics
A high-profile environmental activist lost access to his system. His company needed critical data recovered, browser files, password manager credentials… everything. No disk access. Just memory. I loaded the memory dump into Volatility 3. Chrome and KeePass immediately stood out among active processes. From there, I carved out browser artifacts directly from memory and began recovering traces of stored data. Here’s what people underestimate. Even when files aren’t saved to disk, user activity still lives in RAM. Memory forensics isn’t just a backup plan. Sometimes, it’s the only place the truth still exists.
Just wrapped up a really interesting digital forensics lab where I had to investigate a system crash using only a memory dump. Think of memory like the brain of a computer. Even when a device crashes, traces of what was happening seconds before can still be found there. @elormkdaniel @RedHatPentester #DigitalForensics #DFIR #CyberSecurity #MemoryForensics #IncidentResponse #BlueTeam #ThreatHunting #CyberInvestigation