About the Volatility Framework
The Volatility Framework is an open source, cross-platform, incident response framework that comes with many useful plugins that provide the investigator with a wealth of information from a snapshot of memory, also known as a memory dump. The concept of Volatility has been around for a decade, and apart from analyzing running and hidden processes, is also a very popular choice for malware analysis.
To create a memory dump, several tools such as FTK imager, CAINE, Helix, and LiME (an acronym for Linux Memory Extractor) can be used to acquire the memory image, or memory dump, and then be investigated and analyzed by the tools within the Volatility Framework.
The Volatility Framework can be run on any operating system (32- and 64-bit) that supports Python, including:
- Windows XP, 7, 8,8.1, and Windows 10
- Windows Server 2003, 2008, 2012/R2, and 2016
- Linux 2.6.11 - 4.2.3 (including Kali, Debian, Ubuntu, CentOS, and more)
- macOS Leopard (10.5.x) and Snow Leopard (10.12...