Downloading test images for use with Volatility
For this chapter, we'll be using a Windows XP image named cridex.vmem, which can be downloaded from https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples. Select the link whose Description column reads Malware - Cridex to download the cridex.vmem image.
Note
There are many other images on this page that are also publicly available for analysis. To practice working with the Volatility Framework and further enhance your analytical skills, you may wish to download as many as you like and use the various plugins available in Volatility.
Image location
As we'll soon see, all plugins in the Volatility Framework are run from the Terminal. To avoid typing a lengthy path to the image file on every command, we have moved the cridex.vmem image to the Desktop.
We can also change directory to the Desktop and then run the Volatility Framework and its plugins from there. To do this, we open a new Terminal...