Introduction
AutoVol is part of the SDF Memory Forensics 2 Class available at: https://udemy.com/course/surviving-digital-forensics-memory-analysis-2/
Learn to use Volatility to conduct a malware compromise assessment.
This class teaches students how to conduct memory forensics using Volatility.
- Learn how to use & combine plugin results to identify malware
- Learn how to create a script to automate running plugins and post-processing data refinement
- Learn how to run and interpret plugins
- Hands-on practicals reinforce learning
- Learn all of this in about one hour using all freely available tools.
The script
This tool or script was initially written for *nix-based systems by Michael Leclair / DFIR Podcast.
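The pattern the script automates (run a fixed set of Volatility plugins against one image, write each result to a file, then cross-reference the text output) is shown below as an added example. It is not the AutoVol script itself or code from Michael Leclair / DFIR Podcast. It assumes Volatility 2 command-line syntax with `vol.py` on PATH (overridable through the `VOL` variable), that the profile is known, and the Volatility 2 tabular layout in which the PID is the third column of both `pslist` and `psscan` rows. The sample plugin output embedded in the block is constructed for the demo, not captured from a real image, so the post-processing step can be exercised offline.

```shell
#!/bin/sh
# Added example (not the AutoVol project's own code).
# Runs a plugin set against one memory image, then flags processes that
# psscan finds but pslist does not: a process unlinked from the active
# process list is a classic hidden-process indicator.
# Assumptions: Volatility 2 CLI ($VOL), PID in column 3 of pslist/psscan rows.

VOL="${VOL:-vol.py}"   # assumed Volatility 2 launcher; override with VOL=/path/to/vol.py

# run_plugin IMAGE PROFILE PLUGIN OUTDIR -> writes OUTDIR/PLUGIN.txt (stderr to PLUGIN.err)
run_plugin() {
    image="$1"; profile="$2"; plugin="$3"; outdir="$4"
    "$VOL" -f "$image" --profile="$profile" "$plugin" \
        > "$outdir/$plugin.txt" 2> "$outdir/$plugin.err"
}

# pids FILE -> unique PIDs from Volatility-2 style tabular output (data rows start with 0x)
pids() {
    awk '$1 ~ /^0x/ { print $3 }' "$1" | sort -n | uniq
}

# hidden_pids PSLIST_FILE PSSCAN_FILE -> "PID name" for processes present in
# psscan output but absent from pslist output.
# FILENAME == ARGV[1] (rather than NR == FNR) so an empty pslist file does not
# silently swallow every psscan row.
hidden_pids() {
    awk 'FILENAME == ARGV[1] { if ($1 ~ /^0x/) seen[$3] = 1; next }
         $1 ~ /^0x/ && !($3 in seen) { print $3, $2 }' "$1" "$2" | sort -n | uniq
}

# autovol IMAGE PROFILE [OUTDIR]: run the plugin set, then post-process.
autovol() {
    image="$1"; profile="$2"; outdir="${3:-autovol_out}"
    mkdir -p "$outdir"
    for plugin in pslist psscan pstree dlllist netscan malfind; do
        run_plugin "$image" "$profile" "$plugin" "$outdir" \
            || echo "warn: $plugin failed, see $outdir/$plugin.err" >&2
    done
    if [ -s "$outdir/pslist.txt" ] && [ -s "$outdir/psscan.txt" ]; then
        echo "== processes seen by psscan but not by pslist =="
        hidden_pids "$outdir/pslist.txt" "$outdir/psscan.txt"
    else
        echo "warn: pslist/psscan output missing, skipping cross-reference" >&2
    fi
}

# Constructed sample output (not real plugin output) so the post-processing
# can be exercised without an image or a Volatility install.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/pslist.txt" <<'EOF'
Volatility Foundation Volatility Framework 2.6
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa8000ca0b30 System                    4      0     84      526 ------      0 2012-02-22 19:58:20 UTC+0000
0xfffffa8001a5e8b0 smss.exe                264      4      2       29 ------      0 2012-02-22 19:58:20 UTC+0000
0xfffffa8001b2c060 explorer.exe           1432   1384     25      812      1      0 2012-02-22 19:58:29 UTC+0000
EOF
cat > "$DEMO_DIR/psscan.txt" <<'EOF'
Volatility Foundation Volatility Framework 2.6
Offset(P)          Name                PID   PPID PDB                Time created                   Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
0x000000003e0fe2b0 System                4      0 0x0000000000187000 2012-02-22 19:58:20 UTC+0000
0x000000003f0a5b30 smss.exe            264      4 0x000000003e9f7000 2012-02-22 19:58:20 UTC+0000
0x000000003e1f4060 explorer.exe       1432   1384 0x000000003f2a1000 2012-02-22 19:58:29 UTC+0000
0x000000003d8c2b30 evil.exe           1337   1432 0x000000003c7d3000 2012-02-22 20:01:07 UTC+0000
EOF

echo "== demo: hidden processes in constructed sample =="
hidden_pids "$DEMO_DIR/pslist.txt" "$DEMO_DIR/psscan.txt"

# Against a real image: AUTOVOL_IMAGE=mem.raw AUTOVOL_PROFILE=Win7SP1x64 sh autovol_demo.sh
if [ -n "$AUTOVOL_IMAGE" ] && [ -n "$AUTOVOL_PROFILE" ]; then
    autovol "$AUTOVOL_IMAGE" "$AUTOVOL_PROFILE"
fi
```

Every plugin writes to its own file first and the cross-reference runs only on the saved files, so a failed plugin is visible in its `.err` file rather than lost, and other comparisons (for example `netscan` owners against `pslist`, or `malfind` hits against `dlllist`) can be added as further functions over the same output directory.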
To-do:
- Produce a lightweight Windows version in Batch and PowerShell (requires experimentation and assumes FLARE-VM with the Volatility Windows standalone executable is already installed).
- Optimize the script(s) if possible.