
Volatility Memory Forensic Tool


Volatility helps identify malicious processes, network activity, open connections, etc. on a compromised system. With the program you can take a dump of the RAM and analyze it.

The Volatility Foundation is an independent 501(c)(3) non-profit organization that maintains and promotes open source memory forensics with The Volatility Framework.

Volatility is written in Python, can be used for both 32- and 64-bit RAM analysis, and supports analysis of Windows, Linux, Mac and Android systems. It is used to analyze memory crash dumps, raw dumps, and VMware and VirtualBox dumps.

Latest version: Volatility3 2.4.1, released April 2023.

Features / Support for:

  • Raw / padded physical memory.
  • Firewire (IEEE 1394).
  • Expert Witness (EWF).
  • 32 and 64-bit Windows crash dump.
  • 32 and 64-bit Windows hibernation file.
  • 32 and 64-bit MachO files.
  • VirtualBox core dumps.
  • VMware Saved State (.vmss) and Snapshot (.vmsn).
  • HPAK Format (FastDump).
  • QEMU memory dump.
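
To check which of the formats listed above a capture is in before handing it to Volatility, the file header can be inspected. This is an added example, not part of the original page or of Volatility's own code; the names `identify_dump` and `identify_file` and the sample headers are constructed for illustration, and the signatures are the commonly documented header magics (little-endian Mach-O only).

```python
import struct

# Header signatures at offset 0 for the container formats in the list above.
# Raw/padded physical memory has no header, so it is the fallback.
SIGNATURES = [
    (b"EVF\x09\x0d\x0a\xff\x00", "Expert Witness (EWF)"),
    (b"PAGEDU64", "Windows crash dump (64-bit)"),
    (b"PAGEDUMP", "Windows crash dump (32-bit)"),
    (b"HPAK", "HPAK (FastDump)"),
    (b"\x7fELF", "ELF core (VirtualBox or QEMU dump)"),
]
HIBERNATION = {b"hibr", b"HIBR", b"wake", b"WAKE", b"RSTR"}
MACHO = {0xFEEDFACE: "Mach-O (32-bit)", 0xFEEDFACF: "Mach-O (64-bit)"}
VMWARE = {0xBED2BED0, 0xBAD1BAD1, 0xBED2BED2, 0xBED3BED3}


def identify_dump(header: bytes) -> str:
    """Classify a memory capture from its first bytes."""
    for magic, label in SIGNATURES:
        if header.startswith(magic):
            return label
    if len(header) >= 4:
        if header[:4] in HIBERNATION:
            return "Windows hibernation file"
        (word,) = struct.unpack("<I", header[:4])
        if word in MACHO:
            return MACHO[word]
        if word in VMWARE:
            return "VMware saved state / snapshot"
    return "raw or padded physical memory (no recognised header)"


def identify_file(path: str) -> str:
    """Read the first 16 bytes of a file and classify it."""
    with open(path, "rb") as fh:
        return identify_dump(fh.read(16))


if __name__ == "__main__":
    # Constructed sample headers, not taken from real captures.
    samples = {
        "crash64": b"PAGEDU64" + b"\x00" * 8,
        "ewf": b"EVF\x09\x0d\x0a\xff\x00" + b"\x01" * 8,
        "vmss": struct.pack("<I", 0xBED2BED0) + b"\x00" * 12,
        "raw": b"\x00" * 16,
    }
    for name, header in samples.items():
        print(f"{name}: {identify_dump(header)}")
```

An ELF header alone does not distinguish a VirtualBox core dump from a QEMU one, and a header match says nothing about whether the rest of the capture is intact.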

No longer in the Debian 11/12 repositories.

You need to download and compile from source.

Releases here.

Developers website
