Volatility

To access material, start machines and answer questions login.

Volatility is a free memory forensics tool developed and maintained by Volatility Foundation, commonly used by malware and analysts within a or as part of their detection and monitoring solutions. Volatility is written in Python and is made up of python plugins and modules designed as a plug-and-play way of analyzing memory dumps.

Volatility is available for Windows, , and Mac and is written purely in Python.

This room uses memory dumps from rooms and memory samples from Volatility Foundation.

Before completing this room, we recommend completing the Core Windows Processes room.

If you plan on using your own machine or the AttackBox to run Volatility, download the files attached to this task. If you plan to use the provided machine, you can deploy it in Task 3.

Answer the questions below

Read the above and move on to installing Volatility.

Ready to learn Cyber Security?

The Volatility room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.

Already have an account? Log in

Volatility

Task 1IntroductionTask includes a downloadable file

Task 2Volatility OverviewPremium

Task 3Installing VolatilityPremium

Task 4Memory ExtractionPremium

Task 5Plugins OverviewPremium

Task 6Identifying Image Info and ProfilesPremium

Task 7Listing Processes and ConnectionsPremium

Task 8Volatility Hunting and Detection Capabilities Premium

Task 9Advanced Memory ForensicsPremium

Task 10Practical InvestigationsPremium

Task 11Conclusion Premium

Ready to learn Cyber Security?