This project performs memory forensics and analysis using Volatility; the final report will be linked in the References section. The analysis is done on Linux, since the SIFT Workstation already ships with Volatility pre-installed.
The tools used here are the following:
- SIFT Workstation
- FTK® Imager
- Oracle VM VirtualBox
- Windows 10 ISO
- Solved the problem set with the commands offered within Volatility.
- To create a dump file, I used FTK Imager for memory collection.
- Learned how to use Volatility commandlets that can manipulate Image Identification, Process Listings, Process Information, PE File Extraction, Code Injection, Logs/Histories, Network Information, Kernel Memory/Objects, Timelines, Volshell, Dump Conversion, API Hooking, YARA Scanning, File System Resources, GUI Memory, Disk Encryption, Password Recovery and Strings.
- Learned how to use FTK Imager for memory collection.
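One process-listing check from the workflow above, written here as an added example rather than code from the project: Volatility's `pslist` walks the kernel's linked list of active processes, while `psscan` carves `_EPROCESS` structures out of physical memory, so comparing the two surfaces processes that are terminated or unlinked from the list. The two plugin outputs embedded below are constructed by hand (the PIDs, offsets and timestamps are made up) to stand in for real output from a Windows 10 dump.

```python
"""Cross-check Volatility pslist against psscan for a Windows memory image.

pslist walks the kernel's active-process linked list; psscan carves _EPROCESS
structures from physical memory. A process that only psscan reports is either
already terminated or unlinked from the list, and deserves a closer look.
"""

# Constructed sample of Volatility 2 "pslist" output (columns trimmed by hand).
PSLIST_OUTPUT = """\
Offset(V)          Name                    PID   PPID   Thds     Hnds
------------------ -------------------- ------ ------ ------ --------
0xffffe0001a0c9040 System                    4      0    120      800
0xffffe0001b2d3080 smss.exe                328      4      2       50
0xffffe0001c4f1080 csrss.exe               412    404     10      500
0xffffe0001d6a2080 explorer.exe           1724   1700     40     1200
"""

# Constructed "psscan" output for the same image, with one extra entry.
PSSCAN_OUTPUT = """\
Offset(P)          Name                PID   PPID PDB                Time created
------------------ ---------------- ------ ------ ------------------ ----------------------------
0x000000001a0c9040 System                4      0 0x00000000001ab000 2023-01-01 10:00:00 UTC+0000
0x000000001b2d3080 smss.exe            328      4 0x000000002f8a1000 2023-01-01 10:00:01 UTC+0000
0x000000001c4f1080 csrss.exe           412    404 0x0000000031c22000 2023-01-01 10:00:02 UTC+0000
0x000000001d6a2080 explorer.exe       1724   1700 0x0000000044d13000 2023-01-01 10:00:10 UTC+0000
0x000000001e7b3080 svchost.exe        2216   1724 0x000000005a0f4000 2023-01-01 10:05:00 UTC+0000
"""


def parse_listing(text):
    """Map PID -> (name, ppid) from the whitespace-separated plugin output."""
    procs = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with an offset; this skips the header and separator.
        if len(fields) < 4 or not fields[0].startswith("0x"):
            continue
        procs[int(fields[2])] = (fields[1], int(fields[3]))
    return procs


def hidden_candidates(pslist_text, psscan_text):
    """Return (pid, name, ppid) for processes psscan carved but pslist did not show."""
    listed = parse_listing(pslist_text)
    scanned = parse_listing(psscan_text)
    return [(pid, *scanned[pid]) for pid in sorted(scanned) if pid not in listed]


if __name__ == "__main__":
    for pid, name, ppid in hidden_candidates(PSLIST_OUTPUT, PSSCAN_OUTPUT):
        print(f"review: {name} (PID {pid}, parent {ppid}) is absent from pslist")
```

A process flagged this way is only a candidate: a recently exited process also shows up in `psscan` and not `pslist`, so the creation time and parent should be checked before concluding anything.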