volatility

Storm Shadow

The Volatility Framework

The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, yet offer unprecedented visibility into the runtime state of that system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.
Download the latest release: Volatility Framework 2.3
Read documentation on our wiki
Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, and Seven. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. We also now support Linux memory dumps in raw or LiME format and include 35+ plugins for analyzing 32- and 64-bit Linux kernels from 2.6.11 - 3.5.x and distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake. We support 38 versions of Mac OSX memory dumps from 10.5 to 10.8.3 Mountain Lion, both 32- and 64-bit. Android phones with ARM processors are also supported. Support for Windows 8, 8.1, Server 2012, 2012 R2, and OSX 10.9 (Mavericks) is either already in svn or just around the corner, so stay tuned for our next release!
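The paragraph above notes that Linux dumps arrive either as raw images or in LiME format. The difference matters before any plugin runs: a raw image maps file offset 0 to physical address 0, while a LiME capture is a sequence of segments, each preceded by a 32-byte header (magic, version, inclusive start and end physical address, reserved bytes), so physical addresses must be translated through those headers. The following is an added example, not code from the Volatility project, showing how to detect the format and walk a LiME capture to read bytes at a given physical address; the sample capture is constructed in memory, and the inclusive end-address convention is stated here as an assumption about the LiME layout.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

# LiME header: magic, version, start address, end address, 8 reserved bytes (32 bytes total).
# The magic 0x4C694D45 stored little-endian reads as the ASCII bytes b"EMiL" at file offset 0.
LIME_MAGIC = 0x4C694D45
LIME_HEADER = struct.Struct("<IIQQ8s")


@dataclass
class LimeSegment:
    start: int    # first physical address covered by this segment
    end: int      # last physical address covered (assumed inclusive)
    offset: int   # file offset of the segment's first payload byte
    size: int     # payload length in bytes


def is_lime(data: bytes) -> bool:
    """A LiME capture begins with the magic; a raw image has no such header."""
    return data[:4] == b"EMiL"


def parse_lime(data: bytes) -> List[LimeSegment]:
    """Walk every segment header in a LiME capture, validating each one."""
    segments: List[LimeSegment] = []
    pos = 0
    while pos < len(data):
        if len(data) - pos < LIME_HEADER.size:
            raise ValueError(f"truncated LiME header at offset {pos:#x}")
        magic, version, s_addr, e_addr, _reserved = LIME_HEADER.unpack_from(data, pos)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad LiME magic {magic:#x} at offset {pos:#x}")
        if version != 1:
            raise ValueError(f"unsupported LiME header version {version}")
        if e_addr < s_addr:
            raise ValueError(f"segment end {e_addr:#x} precedes start {s_addr:#x}")
        size = e_addr - s_addr + 1
        payload_off = pos + LIME_HEADER.size
        if payload_off + size > len(data):
            raise ValueError(f"segment at {s_addr:#x} runs past end of file")
        segments.append(LimeSegment(s_addr, e_addr, payload_off, size))
        pos = payload_off + size
    return segments


def read_physical(data: bytes, segments: List[LimeSegment], paddr: int, length: int) -> bytes:
    """Translate a physical address to a file offset and read up to `length` bytes.

    Returns an empty bytes object when the address falls in a gap between
    segments (unmapped RAM), which a raw-image reader would silently miss.
    """
    for seg in segments:
        if seg.start <= paddr <= seg.end:
            available = seg.end - paddr + 1
            off = seg.offset + (paddr - seg.start)
            return data[off:off + min(length, available)]
    return b""


def build_lime(segments: List[Tuple[int, bytes]]) -> bytes:
    """Constructed sample builder: emit LiME headers around the given payloads."""
    out = bytearray()
    for start, payload in segments:
        out += LIME_HEADER.pack(LIME_MAGIC, 1, start, start + len(payload) - 1, b"\0" * 8)
        out += payload
    return bytes(out)


# Constructed sample captures (not real memory): two RAM ranges with a gap between them.
SAMPLE_LIME = build_lime([(0x1000, b"A" * 0x100), (0x9F000, b"B" * 0x40)])
SAMPLE_RAW = b"A" * 0x200


if __name__ == "__main__":
    for name, image in (("lime", SAMPLE_LIME), ("raw", SAMPLE_RAW)):
        print(f"{name}: LiME header present = {is_lime(image)}")
    for seg in parse_lime(SAMPLE_LIME):
        print(f"segment {seg.start:#x}-{seg.end:#x} at file offset {seg.offset:#x}, {seg.size} bytes")
    print(read_physical(SAMPLE_LIME, parse_lime(SAMPLE_LIME), 0x9F010, 4))
```

The gap handling is the practical point: a physical address that lies between two LiME segments corresponds to no file data at all, so a reader must report it as unmapped rather than returning whatever bytes happen to sit at that offset in the file.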
Malware and Memory Forensics Training

We've put together an exhaustive course covering everything you need to know about memory forensics for malware investigations, incident response, and digital forensics. The material is "field tested" and has been executed in front of hundreds of students across the US and Europe.
For more information, click the link for the event you're interested in or read student feedback on our blog.
Current Courses:
Past Courses:
The Art of Memory Forensics

This book is written by 4 of the core Volatility developers - Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda) and AAron Walters (@4tphi). We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book. Unlike some other books, which will run you $50 for 250 pages (we call those expensive brochures), The Art of Memory Forensics will be over 700 pages.





https://code.google.com/p/volatility/