2010-11-19

Volatility Mem Forensics IV–Putting it all together

To make things simpler, this article gives an overview of doing a Volatility run, and mentions some tools that can help automate things further.


Volatility Mem Forensics III–Using Volatility cont'd

2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.

This post continues the discussion of how to use Volatility. The strategy now shifts to looking for suspicious objects to obtain executable code samples that can be examined in detail.


2010-11-18

Volatility Memory Forensics II–Using Volatility

2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.


OK. Having read the previous posts, Volatility is now installed and you have taken a raw memory dump. This post describes how to use Volatility.


Taking a dump of PC memory

This article describes some ways to take a raw memory dump of a Windows PC.


Volatility Memory Forensics I - Installation

2011-4-27 Update: The following is for Volatility 1.3. You should be looking at Volatility 1.4. See blog entry on the subject.


Memory Forensics has been a subject of major interest over the past year or so. This blog article describes my install experience with Volatility – a major memory forensics tool.