This page contains documents, such as papers and presentations, authored by Velocidex Innovations and Dr Michael Cohen.

Papers and Presentations

NZITF Conference Velociraptor WorkshopWorkshop slides2018
Velociraptor - An advanced endpoint monitoring toolWhite Paper2018
Anti-Forensic Resilient Memory Acquisition. Johannes Stuttgen and Michael Cohen. Proceedings of The Digital Forensic Research Conference DFRWS 2013 USA Monterey, CADFRWS20132013
Automatic profile generation for live Linux Memory analysis. Arkadiusz Socała and Michael Cohen. DFRWS 2016 Europe - Proceedings of the Third Annual DFRWS EuropeDFRWS2016EU2016
Characterization Of The Windows Kernel Version Variability For Accurate Memory Analysis. Michael Cohen. The proceedings of The Digital Forensic Research Conference DFRWS 2015 EU Dublin, IrelandDFRWS2015EU2016
Forensic Analysis of Windows User space Applications through Heap allocations. Michael Cohen. 3rd IEEE International Workshop on Security and Forensics in Communication Systems 2015p1138-cohen2016
Robust Linux Memory Acquisition with Minimal Target Impact. Johannes Stuettgen and Michael Cohen. Proceedings of The Digital Forensic Research Conference DFRWS 2014 EU Amsterdam, NLDFRWS2014EU2015
Scanning Memory with Yara. Michael Cohen. Digital Investigation 20, pp34-43.DIIN_6732016
DFRWS 2015 Workshop. Reverse engineering a windows application using Rekall.ForensicReverseEngineeringwithRekall-Workshopnotes2015
DFRWS 2016 Workshop. Using GRR and Rekall for Scalable Memory Analysis.DFRWS2016_Rekall_Workshop2016
DFRWS 2017 Workshop. Rekall Everywhere - DFIR in the Cloud Workshop
Rekall Workshop2017
Open Source Digital Forensics Conference 2017. Rekall Agent - Leveraging cloud technologies for DFIR at scaleRekall Agent OSDFCon 20172017
Digital Forensics and
Incident Response in the
Cloud Auscert 2018 Workshop
Slides Part 1
Slides Part 2
Slides Part 3