In last years, the way that operating systems are developed, deployed, and maintained evolved quickly.
Similarly, the skillsets of memory analysts and their preferred work flows have changed to meet a world with increasingly large volumes of complex data.
In order to address these challenges, the Volatility development team has developed an entirely new version of the framework.
Tag: volatility
How to generate a Volatility profile for a Linux system
When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.
Continue reading “How to generate a Volatility profile for a Linux system”Forensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
Continue reading “Forensic analysis of Windows 10 compressed memory using Volatility”How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?
The hibernation file (hiberfil.sys) is the file used by default by Microsoft Windows to save the machine’s state as part of the hibernation process.
Continue reading “How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?”How to analyze a VMware memory image with Volatility
A very brief post, just a reminder about a very useful volatility feature.
Continue reading “How to analyze a VMware memory image with Volatility”