Name: Using Volatility 3 to Combat Modern Malware
Start: 2025-06-04T14:00:00-0400
End: 2025-06-04T14:50:00-0400

Streaming: https://mssvideo.vcu.edu/RVAsec

Wednesday June 4, 2025 2:00pm - 2:50pm EDT

Upstairs, Grand Ballroom F/G

Volatility 3 is the latest version of the Volatility Memory Analysis framework, which has been the most widely used open-source framework for memory forensics since its creation in 2007. This new version of the framework is a complete rewrite starting from the first line of code. In this presentation, attendees will learn about Volatility 3’s new features while also seeing how many brand-new plugins can be used to detect a wide range of sophisticated, modern malware. This will include detection of the techniques currently deployed by ransomware and APT groups to evade EDR detection, inject code in a stealthy manner, and perform lateral movement. Examples of the covered techniques will include process hollowing, module unhooking, and privilege escalation. Attendees will leave understanding how to detect modern malware and attacker toolkits along with how to integrate Volatility 3 and its new features into detection workflows suitable for production use.

Speakers

Andrew Case

Director of Research, Volexity

Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly... Read More →

Wednesday June 4, 2025 2:00pm - 2:50pm EDT
Upstairs, Grand Ballroom F/G

Technical

RVAsec 14

Andrew Case

Attendees (3)

RVAsec 14

Andrew Case

Attendees (3)

Log in to save this to your schedule, view media, leave feedback and see who's attending!