Join Jungwoo Ryoo for an in-depth discussion in this video, Memory dump analysis with Volatility, part of Learning Computer Forensics.
Volatility is an open source live acquisition tool. In this lesson, we'll learn how to use Volatility to conduct a live acquisition. Volatility is a command prompt tool. So we'll have to open our command prompt on Windows. Press Windows key, and then R, together, and then simply type CMD. Click on OK, now you're ready to type in your command. As you can see, my Volatility program is copied on my desktop, which is why I have to change my directory to the desktop. Type cd desktop. Once you're in your desktop directory, type the name of the program, which is volatility, and type the rest of the name of the program. Before we move forward, we need to copy our memory dump file to the desktop too.
Open your Windows Explorer by pressing the Windows key and then E key together. Go to Desktop, select Exercise files, choose chapter 4, and then you see windows.raw file. Right click on it, select copy, and then paste it on your desktop. We're going to close this window. Now you're ready to try the memory dump file.
- Understanding computer forensics
- Understanding partitioning
- Using a hex editor
- Preparing a target drive
- Acquiring data
- Ensuring data integrity with hashing
- Indexing and searching
- Generating a report
Skill Level: Intermediate
Q: Which operating systems support built-in write blocking?
Q: Are there other ways to access deleted files in the usbimage.001 file?
1. Understanding Computer Forensics
2. Preparing for a Computer Forensics Investigation
3. Preserving Data
4. Acquiring Data
5. Analyzing Data
Next steps (1m 1s)