SOCC05 - Memory Forensics

Memory Forensics

Situation of Memory Analysis
1. Virtualized Servers
  1. Snapshots capture the memory of the server, and can give you access to the memory
2. Windows makes it hard, but not impossible...
Volatility
1. Great tool for analyzing memory
2. Network, processes, DLL, etc.
3. Volatility GUI
4. Volatility 3 CheatSheet - onfvpBlog