volatility | So Long, and Thanks for All the Fish

What’s new in Volatility 3?

On November 28, 2019 By Andrea Fortuna In Technology

In last years, the way that operating systems are developed, deployed, and maintained evolved quickly.Similarly, the skillsets of memory analysts and their preferred work flows have changed to meet a world with increasingly large volumes …

How to generate a Volatility profile for a Linux system

On August 22, 2019 By Andrea Fortuna In Dfir, Volatility

When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.

Forensic analysis of Windows 10 compressed memory using Volatility

On August 1, 2019 By Andrea Fortuna In Cybersecurity, Forensics

Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.

How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?

On May 15, 2019 By Andrea Fortuna In Dfir

The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility

How to analyze a VMware memory image with Volatility

On April 3, 2019 By Andrea Fortuna In Volatility

A very brief post, just a reminder about a very useful volatility feature.