Studying memory with the Volatility memory dump analyzer

Conclusions

The developers put a lot of hard work into the latest version of Volatility, and the new Linux commands expand the feature set substantially. Compared with the previous methods of memory assessment, restricted mostly to strings commands, the new tools seem like a quantum leap that will continue with Android and iOS in version 2.3. The downside is that creating profiles is time-consuming, although not the fault of Volatility. Perhaps the distribution developers should consider their duties.

The Author

Hans-Peter Merkel has focused on data forensics for many years in the open source community. He trains employees of law enforcement agencies in Europe, Asia, and Africa, and is a founder member and chairman of FreiOSS.net and Linux4Afrika.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Memory Analysis

    In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.

comments powered by Disqus

Direct Download

Read full article as PDF:

Price $2.95

News