Volatility 2.3.1

An advanced memory forensics framework
Volatility is a completely open collection of tools, implemented in Python, for the extraction of digital artifacts from volatile memory (RAM) samples.

The extraction techniques are performed completely independently of the system being investigated, yet offer unprecedented visibility into the runtime state of the system.

The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and provide a platform for further work into this exciting area of research.

Main features:

  • Image date and time
  • Running processes
  • Open network sockets
  • Open network connections
  • DLLs loaded for each process
  • Open files for each process
  • Open registry handles for each process
  • A process' addressable memory
  • OS kernel modules
  • Mapping physical offsets to virtual addresses (strings to process)
  • Virtual Address Descriptor information
  • Scanning examples: processes, threads, sockets, connections, modules
  • Extract executables from memory samples
  • Transparently supports a variety of sample formats (i.e., crash dump, hibernation, DD)
  • Automated conversion between formats

Last updated on: May 28th, 2014, 10:12 GMT
File size: 2 MB
Price: FREE!
Developed by: Volatile Systems
License type: GPL
Operating system(s): Windows XP / XP 64 bit / Vista / Vista 64 bit / 7 / 7 64 bit / 2003 / 2008
Category: C: \ Programming \ Other Programming Files

Screenshot: Volatility - a list of the application's options and supported plugin commands, in the command line interface.
