When you start analyzing a Linux memory dump using volatility, the first problem you may need to face is choosing the correct memory profile.
Tag: volatility
Forensic analysis of Windows 10 compressed memory using Volatility
Memory analysis on Windows 10 is pretty different from previous Windows versions: a new feature, called Memory Compression, make it necessary a forensic tool able to read compressed memory pages.
How to read Windows Hibernation file (hiberfil.sys) to extract forensic data?
The #hibernation file (hiberfil.sys) is the file used by default by #Microsoft #Windows to save the machine’s state as part of the hibernation process. #dfir #cybersecurity #volatility
How to analyze a VMware memory image with Volatility
A very brief post, just a reminder about a very useful volatility feature.
AutoTimeliner: automatically extract forensic timeline from memory dumps
Often, during an incident response, may be necessary to analyze a lot of evidences, like disk and memory dumps.