Posts Tagged ‘Volatility’

Encryption was originally used only for the transfer of confidential information. However, subsequently the information was encrypted for the purpose of storing it in unreliable sources.

Volatility is a well know collection of tools used to extract digital artifacts from volatile memory (RAM). PassMark Software has released Volatility Workbench to aid the use of Volatility with OSForensics.

This article describes the plug-in volatility with a unified output. There are many excellent resources for studying Volatility available. The author of the article wrote an absolute guide for beginners on writing your first plugin.

Danielle Kelly and Xavi Bilbao have extended the Volatility User Guide. The stand-alone version of volatility is good for those who use mostly plug-ins that are provided, rather than need any development. Volatility is an open source memory forensics framework for incident response and malware analysis. It is written in Python and supports Microsoft Windows, Mac OS X, and Linux.

  This user guide contains basic steps for creating and exploring memory dumps. It is important to investigate processes to gain an overview of what applications are running. This is a good initial step when investigating RAM in 32 bit/64 bit systems.