Volatility Meets AI: Transforming Linux and Windows Memory Forensics for Modern Threats

Nullcon Goa 2026 · Day 1

In an era where cyberattacks are increasingly sophisticated, characterized by **fileless malware** and **in-memory persistence**, traditional disk-based forensics often fall short. These modern threats leave minimal disk footprints, making detection and analysis a formidable challenge for security analysts. This talk by Srinivasan and Rajesh, Senior Security Researchers at Microsoft, introduces an innovative framework that leverages **Retrieval Augmented Generation (RAG)** and Artificial Intelligence (AI) to revolutionize memory forensics for both Linux and Windows environments.

AI review

Competent integration work connecting Volatility, RAG pipelines, and LLM analysis for memory forensics — the hybrid retrieval scoring and false-positive mitigation are the most technically honest parts of the talk. It's a reasonable engineering contribution but not a research breakthrough; the threat model (Meterpreter reverse shells as the adversary benchmark) is shallow, and the core insight — 'use RAG to query memory artifacts' — is straightforward enough that the execution details carry most of the weight.
