MODULE 08
Memory (RAM) Forensics
Using Volatility to find malware, injected code, and passwords in RAM.
Volatility Framework
Volatility is the industry standard for memory analysis.
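# List active processes by walking the kernel's process list
volatility -f memory.dmp --profile=Win10x64 pslist
# Scan for network connections and listening sockets
volatility -f memory.dmp --profile=Win10x64 netscan
# Find suspicious executable memory regions (possible injected code)
volatility -f memory.dmp --profile=Win10x64 malfind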
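An added example, not part of the original module: a Python triage of malfind's text output that ranks hits so regions beginning with an MZ header are reviewed first. The sample output is constructed in Volatility 2's layout, and the function names and the ranking heuristic are assumptions of this example.

```python
import re

# Constructed sample in the text layout of Volatility 2's malfind plugin (trimmed).
SAMPLE = """\
Process: explorer.exe Pid: 1672 Address: 0x3ee0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x03ee0000  4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00   MZ..............

0x03ee0000 4d               DEC EBP

Process: svchost.exe Pid: 884 Address: 0x1f0000
Vad Tag: VadS Protection: PAGE_EXECUTE_READWRITE
Flags: CommitCharge: 1, MemCommit: 1, PrivateMemory: 1, Protection: 6

0x001f0000  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
"""

HEADER = re.compile(r"^Process: (?P<name>.+?) Pid: (?P<pid>\d+) Address: (?P<addr>0x[0-9a-fA-F]+)")
PROT = re.compile(r"Protection: (?P<prot>PAGE_\w+)")
HEXROW = re.compile(r"^0x[0-9a-fA-F]+\s+((?:[0-9a-fA-F]{2} ){16})")  # 16-byte hexdump row

def parse_malfind(text):
    """Return one dict per malfind hit: process, pid, address, protection, first 16 bytes."""
    hits, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"name": m["name"], "pid": int(m["pid"]), "addr": int(m["addr"], 16),
                   "prot": None, "head": None}
            hits.append(cur)
        elif cur and cur["prot"] is None and (p := PROT.search(line)):
            cur["prot"] = p["prot"]
        elif cur and cur["head"] is None and (h := HEXROW.match(line)):
            cur["head"] = bytes.fromhex(h.group(1))
    return hits

def triage(hit):
    """Heuristic review order (an assumption of this example, not a verdict)."""
    head = hit["head"] or b""
    if head.startswith(b"MZ"):
        return "pe-header"   # PE image in private executable memory: review first
    if head and not any(head):
        return "zeroed"      # empty first row: review last
    return "review"          # read the disassembly by hand

def report(text):
    order = {"pe-header": 0, "review": 1, "zeroed": 2}
    rows = [(triage(h), h["name"], h["pid"], hex(h["addr"]), h["prot"]) for h in parse_malfind(text)]
    return sorted(rows, key=lambda r: order[r[0]])
```

To use it on a real image, redirect the malfind command's output to a text file and pass the file's contents to report().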