DFRWS-USA-2023

This repository contains the version information and plugins needed to reproduce the results from the research paper "Windows memory forensics: Identification of (malicious) modifications in memory-mapped image files" (see here). The plugins in this repository are frozen at the versions used for the paper and will therefore not be updated, so:

NOTE: For the most current version of all plugins contained in here, see: https://github.com/f-block/volatility-plugins.

Software Versions used in the Research

Windows versions used for research and tested with these plugins:

Specific Windows versions for particular tests are also mentioned in the paper.

Tool                                        Version
Google Chrome                               109.0.5414.75
Chromium                                    111.0.5555.0
Firefox                                     109.0.1
Microsoft Edge                              109.0.1518.55
Microsoft Office (running Word and Excel)   18.2104.12721.0
PowerShell                                  5.1 (Build 19041, Revision 2364)
AVG Free Antivirus                          22.12.3264 (build 22.12.7758.769)