Presented at DEF CON 33 (2025), Aug. 8, 2025, 9 a.m. (240 minutes).
Volatility 3 is the latest version of the Volatility Memory Analysis framework and is a complete re-design and rewrite of the framework suited to meet the needs of modern investigations. In this workshop, students will learn Volatility 3’s new features aimed at efficiency and usability as well as all the new and updated Windows plugins capable of detecting modern malware. During the workshop, students will experience a mix of lecture and live demonstration about the latest malware techniques followed by hands-on labs that will require students to analyze infected memory samples. While students complete each lab, instructors will walk to each student’s station to ensure they are progressing. An instructor will also completely walk through each lab live, and students are given a 35+ page PDF lab guide that contains all the lab scenarios, questions, and detailed answers, including many screenshots and explanations. Students can then use the course slides and lab guide to practice labs over time as well as to guide real-world investigations of compromised systems. By attending this workshop, students will leave knowing the most effective ways to detect modern Windows malware using the latest version of the most widely used open-source framework for memory analysis.
Presenters:
- Andrew Case, Director of Research at Volexity
Andrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly popular and technical forensics analysis book "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory." Case has spoken at many industry conferences, including DEF CON, Black Hat, RSA, DFRWS, SecTor, BSides*, and OMFW.
- Lauren Pace, Computer Science PhD Student at LSU
Lauren Pace is a PhD Student Researcher at Louisiana State University. She is a recipient of a Scholarship for Service scholarship and is performing funded research on complex problems and topics in memory forensics. Lauren has delivered Volatility 3 workshops at conferences, such as DFRWS, and is actively involved in her local cybersecurity clubs and community.
- Daniel Donze
Daniel Donze (He/Him) is a PhD Student Researcher in Computer Science at Louisiana State University. His research has previously contributed to the Volatility Framework, and his current interests include memory forensics and malware analysis. He has presented research at BSides Las Vegas as well as several local events. He previously worked as a fullstack web and software developer and security researcher. His hobbies include cooking, playing guitar, mixology and craft beer.