Additional memory forensic using Volatility

Now after we dump the memory, we need to do some forensics on it. The tool we will use is called Volatility Framework. It can extract digital artifacts from volatile memory (RAM) dumps. Volatility can analyze RAM dumps from 32-bit and 64-bit Windows, Linux, Mac OS, and Android systems.

Download the latest Volatility available.
After you finish downloading the file, you have to extract the files into a folder:
```
$ tar -zxvf volatility-2.2.tar.gz
```
Note
Find the latest Volatility download link here: https://code.google.com/p/volatility/wiki/VolatilityIntroduction
Change the directory to volatility-2.2:
```
$ cd volatility-2.2/
$ ls
```
Our memory analysis will be using the vol.py file.
Note
For a detailed documentation ...

Get Cuckoo Malware Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Cuckoo Malware Analysis by Digit Oktavianto, Iqbal Muhardianto

Additional memory forensic using Volatility

Note

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly