During the course of the analysis it may become necessary to dump the memory resident pages associated with a process. In this case, the memdump plugin is run against the memory image, with the output directed to the home folder, utilizing the following command:
forensics@ubuntu:~/Documents$ sudo volatility -f stuxnet.vmem --profile=WinXPSP2x86 -p 868 memdump--dump-dir /home/
Volatility will indicate the progress of the dump:
Once the plugin is finished, the dump file is found within the home folder:
Once the dump is complete, the ...