Additional memory forensics using Volatility
Now that we have dumped the memory, we need to do some forensics on it. The tool we will use is called Volatility Framework. It extracts digital artifacts from volatile memory (RAM) dumps, and it can analyze RAM dumps from 32-bit and 64-bit Windows, Linux, Mac OS, and Android systems.
- Download the latest Volatility available.
- After you finish downloading the file, you have to extract the files into a folder:
$ tar -zxvf volatility-2.2.tar.gz
Note
Find the latest Volatility download link here: https://code.google.com/p/volatility/wiki/VolatilityIntroduction
- Change the directory to volatility-2.2:
$ cd volatility-2.2/
$ ls
Our memory analysis will be using the vol.py file.
Note
For a detailed documentation ...
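A small driver script for the vol.py file described above, added here as an example and not taken from the book or from the Volatility project. It assumes vol.py sits in ./volatility-2.2, that the memory dump path is given as the first argument, and it uses Volatility 2.x's own imageinfo, pslist, psscan and malfind plugins; the profile is read from imageinfo's "Suggested Profile(s)" line.

```shell
#!/bin/sh
# Added example (not from the book): run a first triage pass with
# Volatility 2.2's vol.py over a memory dump taken from the sandbox VM.
# Assumption: vol.py lives in ./volatility-2.2 (override with VOL=...).
set -e

VOL="${VOL:-./volatility-2.2/vol.py}"

# Pull the first profile out of imageinfo's "Suggested Profile(s)" line.
# Reads imageinfo's text on stdin and prints e.g. Win7SP1x64.
suggested_profile() {
  sed -n 's/.*Suggested Profile(s) *: *\([^,]*\).*/\1/p' | head -n 1 | tr -d ' '
}

# Run imageinfo, pick the suggested profile, then save the output of the
# process-listing and code-injection plugins into one file per plugin.
triage_dump() {
  dump="$1"; outdir="${2:-triage}"
  mkdir -p "$outdir"
  python "$VOL" -f "$dump" imageinfo > "$outdir/imageinfo.txt"
  profile=$(suggested_profile < "$outdir/imageinfo.txt")
  if [ -z "$profile" ]; then
    echo "imageinfo suggested no profile; choose one manually" >&2
    return 1
  fi
  # pslist walks the active process list, psscan finds unlinked/terminated
  # process objects, malfind flags injected or hidden executable memory.
  for plugin in pslist psscan malfind; do
    python "$VOL" -f "$dump" --profile="$profile" "$plugin" > "$outdir/$plugin.txt"
  done
  echo "$profile"
}

# Usage: ./triage.sh memory.dmp [output-dir]
if [ -n "$1" ]; then triage_dump "$@"; fi
```

Comparing pslist with psscan afterwards shows processes that were hidden from the active list, which is the usual first sign of a rootkit in the dump.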