From the course: Operating System Forensics

Memory dump analysis with Volatility

- [Instructor] Volatility is an open source memory dump analysis program. Shown here is the Volatility project website. The name Volatility stems from the volatile nature of main memory. Volatility is written in Python and available on both Windows and Linux. Let's install Volatility on my Linux machine. Type sudo apt-get install volatility, press Enter. Type password, press Enter. I type Y. As you can see, the Volatility 2.6 installation is successful. Type volatility, space -h, press Enter. The output shows a number of plugins that come with the default Volatility installation, which are what makes the tool so useful and powerful. In a real-life situation, investigators receive a memory dump file to analyze. They don't necessarily know what it stores, which is why the imageinfo plugin is important. Type volatility space -f space ./Documents/Windows.raw space imageinfo. Here, -f specifies the location of the target memory dump file to analyze. In my case, my memory dump file is located in…
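The step the instructor describes, running imageinfo before anything else, matters because every later Volatility 2 plugin needs a matching `--profile` to interpret the dump's kernel structures. The shell script below is an added example, not part of the course: it parses imageinfo's "Suggested Profile(s)" line, picks the first profile, and builds the follow-up command. The imageinfo output embedded in `SAMPLE_IMAGEINFO` is constructed to match Volatility 2.6's output format (the `./Documents/Windows.raw` path is the one used in the lesson; the profile names and addresses are sample values). The function names `first_profile`, `all_profiles`, `volatility_cmd` and `run_workflow` are this example's own. Because imageinfo guesses the profile from a KDBG search, the first suggestion can be wrong; `all_profiles` keeps the alternatives so an analyst can fall back to the next one (or to the kdbgscan plugin) when a plugin returns nothing.

```shell
#!/bin/sh
# Added example (not from the course): reuse the profile that Volatility 2's
# imageinfo plugin suggests for the plugins that follow it.

# Constructed imageinfo output in Volatility 2.6's format (sample values only).
SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (./Documents/Windows.raw)
                      PAE type : No PAE
                           DTB : 0x187000L
                          KDBG : 0xf80002a3d0a0L'

# all_profiles: read imageinfo output on stdin and print every suggested
# profile, one per line. Returns 1 (prints nothing) if the line is absent.
all_profiles() {
    sed -n 's/^[[:space:]]*Suggested Profile(s)[[:space:]]*:[[:space:]]*//p' |
        tr ',' '\n' | tr -d ' ' | grep .
}

# first_profile: the profile imageinfo lists first, which is the usual choice.
first_profile() {
    all_profiles | head -n 1 | grep .
}

# volatility_cmd DUMP PROFILE PLUGIN: the command line to run next.
volatility_cmd() {
    printf 'volatility -f %s --profile=%s %s\n' "$1" "$2" "$3"
}

# run_workflow DUMP: run imageinfo on a real dump (needs volatility on PATH),
# then list processes with the suggested profile.
run_workflow() {
    dump="$1"
    profile=$(volatility -f "$dump" imageinfo 2>/dev/null | first_profile) || {
        echo "imageinfo suggested no profile for $dump; try the kdbgscan plugin" >&2
        return 1
    }
    echo "using profile $profile" >&2
    volatility -f "$dump" --profile="$profile" pslist
}

# Stand-alone demonstration on the constructed output.
printf '%s\n' "$SAMPLE_IMAGEINFO" | first_profile
volatility_cmd ./Documents/Windows.raw "$(printf '%s\n' "$SAMPLE_IMAGEINFO" | first_profile)" pslist
```

Pass a real dump to `run_workflow` to run the two-step sequence against it; the parsing functions work on any saved imageinfo output, so the chosen profile can also be recorded in the case notes alongside the dump's hash.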