Error message

Deprecated function: The each() function is deprecated. This message will be suppressed on further calls in menu_set_active_trail() (line 2404 of /home/b4gint3h/public_html/includes/menu.inc).

Research

This page lists my published research, such as books and peer-reviewed papers. The Presentations page lists my public presentations.

Books

The Art of Memory Forensics, Wiley, August 2014

CompTIA Advanced Security Practitioner Certification Student Manual, Axzo Press, June 2012

Peer-Reviewed Papers

HookTracer: A System for Automated and Accessible API Hooks Analysis, DFRWS, 2019

Memory Forensics and the Windows Subsystem for Linux, DFRWS, 2018, Best Student Paper Award

Gaslight: A Comprehensive Fuzzing Architecture for Memory Forensics Frameworks, DFRWS, 2017

Detecting Objective-C Malware Through Memory Forensics, DFRWS, 2016, Best Paper Award

Advancing Mac OS X Rootkit Detection, DFRWS, 2015

In Lieu of Swap: Analyzing Compressed RAM in Mac OS X and Linux, DFRWS, 2014, Best Paper Award

Acquisition and Analysis of Volatile Memory from Android Devices, Digital Investigation, 2012

De-Anonymizing Live CDs through Physical Memory Analysis, Blackhat D.C. 2011

Treasure and Tragedy in kmem_cache Mining, DFRWS 2010

Dynamic Recreation of Kernel Data Structures for Live Forensics, DFRWS, 2010

FACE: Automated Digital Evidence Discovery and Correlation, DFRWS, 2008

Technical Guides

HowTo: Privacy & Security Conscious Browsing, 2015

Recovering and Analyzing Deleted Registry Files, 2011

Workshops

De-Anonymizing Live CDs through Physical Memory Analysis, SANS Security East 2012, January 2012, New Orleans

Registry Decoder, SANS Security East 2012, January 2012, New Orleans

Linux Memory Analysis with Volatility, Blackhat Vegas 2011

Trade Publications

Forensic Investigation of Live CDs, Evidence Technology Magazine, December 2011 Edition

Notable Blog Posts

Incorporating Disk Forensics with Memory Forensics - Bulk Extractor, Volatility Labs

Building a Decoder for the CVE-2014-0502 Shellcode, Volatility Labs

Solving the GrrCon Network Forensics Challenge with Volatility, Volatility Labs

Phalanx 2 Revealed: Using Volatility to Analyze an Advanced Linux Rootkit, Volatility Labs

Recoving tmpfs from Memory with Volatility, Memory Forensics Blog