There’s a LOT of UEFI firmware-centric stuff that could be added to Volatility. I hope some creative security researchers consider some of the ‘low-hanging fruit’; they are offering $$ as a reward for the code. 🙂 Integration with CHIPSEC’s library for forensic examination. TianoCore’s GUIDs and structure signatures, TE image format (small tweaks to PE+), firmware volume and capsule and related container formats. I wonder if Volatility can be ported to UEFI’s CPython 2.7x, so it can be used inside UEFI, and have much more access to the system? If not ported, then a bridge to an OS-level Volatility talking to CPython inside an OVMF? There’s a lot of existing Python code in existing GitHub projects that could be refactored, as well.
http://www.volatilityfoundation.org/#!2015/c1qp0
