Introduction
Much like how a memory analysis can be done on a hard drive, memory analysis can also be done on RAM modules. Because RAM is a volatile memory source, which means as soon as it is turned off it will loose data.
However, one of the cool things that can be done with memory analysis is that a user can recreate what was happening when an issue occurred by using the Volatility application.
What you need
-
-
Plug in your Live Kali Linux USB into your computer and restart your PC.
-
Once your machine is finished restarting you should see Kali's Boot Loader.
-
-
-
-
Navigate to the Volatility directory with the command: cd /usr/share/volatility
-
-
-
Search for the RAM's profile with: python vol.py imageinfo -f=<location of image file>
-
Because Volatility is a Python script, you can enter the command python vol.py -h to gain additional information.
The most important thing you should take away from this guide is to remember to use this information responsibly. Obtaining unauthorized access to another's computer system or systems is illegal under the Computer Fraud & Abuse Act.
Please use the knowledge gained from this guide responsibly.
Because Volatility is a Python script, you can enter the command python vol.py -h to gain additional information.
The most important thing you should take away from this guide is to remember to use this information responsibly. Obtaining unauthorized access to another's computer system or systems is illegal under the Computer Fraud & Abuse Act.
Please use the knowledge gained from this guide responsibly.
Cancel: I did not complete this guide.
One other person completed this guide.
