3. Volatility Overview
Once you acquire the memory of an infected system, the next step is to analyze the acquired memory image. Volatility (http://www.volatilityfoundation.org/releases) is an open source advanced memory forensics framework written in Python that allows you to analyze and extract digital artifacts from the memory image. Volatility can run on various platforms (Windows, macOS, and Linux), and it supports analysis of memory from 32-bit and 64-bit versions of Windows, macOS, and Linux operating systems.
3.1 Installing Volatility
Volatility is distributed in several formats, and it can be downloaded from http://www.volatilityfoundation.org/releases. At the time of writing this book, the latest version of Volatility is version 2.6. Depending on the operating system that you intend to run Volatility on, follow the installation procedure for the appropriate operating system.
3.1.1 Volatility Standalone Executable
The fastest way to get started with Volatility is to use the standalone...