
Forensics


Volatility: Advanced Memory Forensics.

Congratulations to the winners of Forensic Challenge FC10 - Attack Visualization! While the quantity of submissions for FC10 was lower than usual - we had expected this because of the amount of work required to submit plus being over the Christmas break - the quality of the solutions was really inspiring.


Of course the hardest part was deciding the winners, and as expected the traditional scoring method was not ideal for this type of challenge because the challenge was about creating and developing ideas, rather than just answering a number of dry questions. Quite a few people used the challenge not so much to win a prize, but to have fun, develop an idea they've had, practice on some real datasets, learn, and teach. This was exactly the spirit we'd hoped for, so thanks to everyone for putting in a big effort. The winners and their solutions: Fabian Fischer - solution.

Forensics

haypo / hachoir / wiki / Home — bitbucket.org. Hachoir is a Python library that allows you to view and edit a binary stream field by field.


In other words, Hachoir allows you to "browse" any binary stream just like you browse directories and files. A file is split into a tree of fields, where the smallest field is just one bit. There are other field types: integers, strings, bits, padding types, floats, etc. Hachoir is the French word for a meat grinder (meat mincer), which is used by butchers to divide meat into long tubes; Hachoir is used by computer butchers to divide binary files into fields.

Network Forensics Blog.

Malware Forge.

Buster Sandbox Analyzer.

Wotsit.org.
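The Hachoir excerpt above describes a binary stream as a tree of fields, down to single bits, that you can browse like a directory tree. The following is an added example, not Hachoir's own code and not taken from its wiki: a minimal field-tree model of the same shape, written here for an IPv4 header because that format mixes 4-bit, 1-bit, 13-bit and byte-aligned integer fields. The class and field names are my own choice, the 20-byte header is constructed for the example, and the checksum recomputation is the sanity check a forensic analyst would want before trusting a parsed header.

```python
"""Hachoir-style field tree over an IPv4 header (added example, not Hachoir's code)."""
from dataclasses import dataclass, field as dc_field
from typing import List, Optional, Union


@dataclass
class Field:
    """One node of the tree: a leaf value or a container with children."""
    name: str
    offset: int                      # absolute offset from the start of the stream, in bits
    size: int                        # size in bits (the smallest field is one bit)
    value: Optional[Union[int, str, bytes]] = None
    children: List["Field"] = dc_field(default_factory=list)

    def path(self, route: str) -> "Field":
        """Browse the tree like a directory listing, e.g. tree.path('flags/DF')."""
        node = self
        for part in route.split("/"):
            node = next(c for c in node.children if c.name == part)
        return node


class BitReader:
    """Reads MSB-first bit fields out of a byte string, tracking the bit offset."""

    def __init__(self, data: bytes):
        self.data = data
        self.pos = 0                 # current position in bits

    def bits(self, name: str, n: int) -> Field:
        start, value = self.pos, 0
        for _ in range(n):
            byte = self.data[self.pos // 8]
            value = (value << 1) | ((byte >> (7 - self.pos % 8)) & 1)
            self.pos += 1
        return Field(name, start, n, value)

    def uint(self, name: str, nbytes: int) -> Field:
        assert self.pos % 8 == 0, "integer fields must start on a byte boundary"
        return self.bits(name, nbytes * 8)

    def ipv4(self, name: str) -> Field:
        f = self.uint(name, 4)
        f.value = ".".join(str((f.value >> s) & 0xFF) for s in (24, 16, 8, 0))
        return f


def parse_ipv4_header(data: bytes) -> Field:
    """Split the first IHL*4 bytes of `data` into an IPv4 header field tree."""
    r = BitReader(data)
    version, ihl = r.bits("version", 4), r.bits("ihl", 4)
    if version.value != 4 or ihl.value < 5 or len(data) < ihl.value * 4:
        raise ValueError("not a complete IPv4 header")
    root = Field("ipv4", 0, 0)
    root.children += [version, ihl, r.bits("dscp", 6), r.bits("ecn", 2),
                      r.uint("total_length", 2), r.uint("identification", 2)]
    flags = Field("flags", r.pos, 3)          # container: three one-bit children
    flags.children += [r.bits("reserved", 1), r.bits("DF", 1), r.bits("MF", 1)]
    root.children += [flags, r.bits("fragment_offset", 13),
                      r.uint("ttl", 1), r.uint("protocol", 1),
                      r.uint("header_checksum", 2), r.ipv4("src"), r.ipv4("dst")]
    if ihl.value > 5:                         # options: kept as an opaque byte field
        nopt = (ihl.value - 5) * 4
        root.children.append(Field("options", r.pos, nopt * 8,
                                   data[r.pos // 8: r.pos // 8 + nopt]))
        r.pos += nopt * 8
    root.size = r.pos
    return root


def header_checksum_ok(data: bytes, tree: Field) -> bool:
    """Recompute the RFC 791 one's-complement checksum and compare with the stored field."""
    total = 0
    for i in range(0, tree.size // 8, 2):
        if i != 10:                           # skip the checksum field itself
            total += int.from_bytes(data[i:i + 2], "big")
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total & 0xFFFF) == tree.path("header_checksum").value


def dump(f: Field, depth: int = 0) -> List[str]:
    """Render the tree as an indented listing: name, bit offset, bit size, value."""
    shown = "" if f.value is None else f.value
    lines = [f"{'  ' * depth}{f.name:<16} @{f.offset:>4}b +{f.size:>3}b  {shown}"]
    for child in f.children:
        lines += dump(child, depth + 1)
    return lines


# Constructed sample: a 20-byte IPv4 header (UDP, DF set, 192.168.0.1 -> 192.168.0.199).
SAMPLE = bytes.fromhex("45000073 00004000 4011b861 c0a80001 c0a800c7")

if __name__ == "__main__":
    tree = parse_ipv4_header(SAMPLE)
    print("\n".join(dump(tree)))
    print("header checksum ok:", header_checksum_ok(SAMPLE, tree))
```

Every field carries its own bit offset and bit size, so the listing that `dump` prints reads like a directory tree and `path("flags/DF")` walks it the way Hachoir's browser does. Hachoir itself covers many more formats and field types; the point here is only the model: one stream, one tree, nothing smaller than a bit.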