search

Memory Forensics

wait, what did i eat for breakfast?

circle-info

Memory Forensics is the analysis of the volatile memory, mainly Random Access Memory (RAM).

hashtag
Volatility

What is Volatility?

  • Volatilityarrow-up-right extracts digital artifacts from volatile memory (RAM) samples. memory capture file is like .bin, .mem, .raw, .sav, .vmem.

# OS information
python vol.py -f <filename> windows.info

# Process information
python vol.py -f <filename> windows.pslist
python vol.py -f <filename> windows.psscan
python vol.py -f <filename> windows.pstree

# Network connections
python vol.py -f <filename> windows.netscan

# Hidden processes
python vol.py -f <filename> windows.ldrmodules

# Detect malware
python vol.py -f <filename> windows.malfind

# DLL files
python vol.py -f <filename> windows.dlllist

hashtag
External References

PreviousWindows ForensicsNextBase32, Base64

Last updated