Monthly Archives: June, 2018

  1. Surge Collect Provides Reliable Memory Acquisition Across Windows, Linux, and macOS

    Over the last 10 years, memory acquisition has proven to be one of the most important and precarious aspects of digital investigations.  Unfortunately, many investigators blindly trust free and commercial tools without understanding the associated risks and limitations. Consequently, they often end up with corrupt memory samples, or they crash systems containing volatile data that is critical to their investigations.  While these tools may be readily accessible, many are unsupported or have been effectively abandoned by their original developers. In addition, a recent empirical study showed that most open source or commercial Windows memory acquisition tools either failed to collect or crashed systems with modern security features enabled. Based on user feedback, we determined there was a growing need within the industry to provide reliable and actively supported memory acquisition capabilities across Windows, Linux, and macOS. Acquisition Challenges When we set out to develop Volatility, we decided to focus our […]

  2. Patchwork APT Group Targets US Think Tanks

    In March and April 2018, Volexity identified multiple spear phishing campaigns attributed to Patchwork, an Indian APT group also known as Dropping Elephant. This increase in threat activity was consistent with other observations documented over the last few months in blogs by 360 Threat Intelligence Center analyzing attacks on Chinese organizations and Trend Micro noting targets in South Asia. From the attacks observed by Volexity, what is most notable is that Patchwork has pivoted its targeting and has launched attacks directly against US-based think tanks. Volexity has also found that, in addition to sending malware lures, the Patchwork threat actors are leveraging unique tracking links in their e-mails for the purpose of identifying which recipients opened their e-mail messages. In three observed spear phishing campaigns, the threat actors leveraged domains and themes mimicking those of well-known think tank organizations in the United States. The group lifted articles and themes from […]