To make things simpler, this article gives an overview of doing a Volatility run, and mentions some tools that can help automate things further.
2010-11-19
Volatility Mem Forensics III–Using Volatility cont'd
2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.
This post continues the discussion of how to use Volatility. The strategy now shifts to looking for suspicious objects to obtain executable code samples that can be examined in detail.
2010-11-18
Volatility Memory Forensics II–Using Volatility
2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.
Ok. If you have followed the previous posts, Volatility is now installed and you have taken a raw memory dump. This post describes how to use Volatility.
Taking a dump of PC memory
This article describes some ways to take a raw memory dump of a Windows PC.
Volatility Memory Forensics I - Installation
2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.
Memory Forensics has been a subject of major interest over the past year or so. This blog article describes my install experience with Volatility – a major memory forensics tool.