Volatility
Volatility is a memory forensics tool for analyzing data captured from a computer's RAM.
Type | Part # | Supplier | URL |
---|---|---|---|
Memory Forensics Tool | | Volatility Foundation | https://www.volatilityfoundation.org |
Background Information
Volatility is a memory forensics tool for analyzing data captured from a computer's RAM. A memory capture can be used to determine many things about the state of the system at the moment the capture was made, including:
- Cached files
- Cached RSA private/public keys
- Clipboard contents
- Command history
- Driver/kernel module details
- Keyboard buffer contents
- Open sockets
- Registry contents
- Running processes
- Shellbags
Additional Information
Tutorial references (1)
How to analyze RAM through Kali Linux Forensics mode |