Abstract
As has been discussed throughout this book, computer memory is a good source of information that should not be overlooked during a forensic examination. However, the traditional tools used for forensic examination are not built to handle memory dumps very well. As discovered in the previous chapter, the structure of memory is vastly different from the structure of a secondary storage device. Further, there are differences in how memory is allocated between different operating system versions. For that reason, a forensic examiner needs a tool for memory analysis that is capable of interpreting memory dumps from different operating system versions. One such tool is Volatility, which is introduced and described in this chapter in a practical manner. Conveniently enough, Volatility is open source and free to use.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Kävrestad, J. (2018). Volatility. In: Fundamentals of Digital Forensics. Springer, Cham. https://doi.org/10.1007/978-3-319-96319-8_16
DOI: https://doi.org/10.1007/978-3-319-96319-8_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-96318-1
Online ISBN: 978-3-319-96319-8
eBook Packages: Computer Science (R0)