From the course: Operating System Forensics
Memory dump analysis with Volatility
- [Instructor] Volatility is an open-source memory dump analysis program. Shown here is the Volatility project website. The name Volatility stems from the volatile nature of main memory. Volatility is written in Python and available on both Windows and Linux. Let's install Volatility on my Linux machine. Type sudo apt-get install volatility, press Enter. Type password, press Enter. I type Y. As you can see, the Volatility 2.6 installation is successful. Type volatility, space -h, press Enter. The output shows a number of plugins that come with the default Volatility installation, which are what makes the tool so useful and powerful. In a real-life situation, investigators receive a memory dump file to analyze. They don't necessarily know what it stores, which is why the imageinfo plugin is important. Type volatility space -f space ./Documents/Windows.raw space imageinfo. Here, -f specifies the location of the target memory dump file to analyze. In my case, my memory dump file is located in…
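As an added example (not code from the course or from the Volatility project), the POSIX shell helper below wraps the imageinfo step the instructor describes: it hashes the dump before analysis so later findings can be tied to that exact file, picks the first suggested profile out of the imageinfo output, and feeds it to a follow-up plugin. It assumes Volatility 2.6 is on PATH as `volatility` and that `sha256sum` is available; the sample imageinfo output embedded at the bottom is constructed so the profile parser can be exercised without a dump.

```shell
#!/bin/sh
# Added example: wrap the imageinfo step so the profile choice and the dump's
# hash are recorded for the case notes.
# Assumptions: Volatility 2.6 is on PATH as `volatility`; sha256sum exists.

# Extract the first suggested profile from Volatility 2.6 imageinfo output.
# Reads the output on stdin and prints e.g. "Win7SP1x64".
first_profile() {
    sed -n 's/^ *Suggested Profile(s) *: *\([^,]*\).*/\1/p' | head -n 1 | tr -d ' '
}

# SHA-256 of the dump, recorded before any plugin touches the file.
dump_hash() {
    sha256sum "$1" | cut -d ' ' -f 1
}

# Run imageinfo, select a profile, then run a first plugin with that profile.
# Usage: analyze_dump ./Documents/Windows.raw
analyze_dump() {
    dump="$1"
    info=$(volatility -f "$dump" imageinfo 2>/dev/null) || return 1
    profile=$(printf '%s\n' "$info" | first_profile)
    [ -n "$profile" ] || return 1
    echo "dump=$dump sha256=$(dump_hash "$dump") profile=$profile"
    volatility -f "$dump" --profile="$profile" pslist
}

# Constructed sample of Volatility 2.6 imageinfo output (not captured from a
# real case), used only to exercise first_profile offline.
SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/home/user/Documents/Windows.raw)'
```

The first suggested profile is only Volatility's best guess; if `pslist` returns nothing sensible, rerun with the next profile in the list before concluding anything about the dump.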