Side notes

Linux Memory Analysis

Every year, Digital Forensics Research Workshop (DFRWS) challenges the digital forensics community to work on a certain problem. This year's challenge was about Linux memory analysis. Though there are still about three weeks until the conference starts, the first solutions appeared on the net.

The first solution was posted by Nicolas Surribas in his blog #/dev/loop. He examines the file system and selected files, such as the Firefox cache and history, and then moves on to the memory analysis part.

AAron Walters (Volatility) cooperated with Michael Cohen and David Collett (PyFlag). They adapted the Red Hat crash utility for the challenge, which provided a vast amount of information about processes and opened files. Also, they added Linux support to the Volatility framework. For those who prefer a GUI over a command line tool, the functionality is also available from PyFlag. The (impressive!) analysis has been published in the Volatile Systems blog.