volatility

Author: AAron Walters

Volatility is an extensible memory forensics tool written in Python. It comes with a number of standard plugins, which use various techniques to extract artifacts from volatile memory (RAM) samples. These artifacts include:
- Running processes
- Open network sockets
- Open network connections
- DLLs loaded for each process
- Open files for each process
Volatility also supports extracting artifacts from Windows hibernation files and Windows crash dump files.

To view further documentation and follow the latest developments, visit http://code.google.com/p/volatility/
For a list of additional plugins, see http://www.forensicswiki.org/wiki/List_of_Volatility_Plugins