Overview
Syllabus
Introduction
What We Will Be Covering
Prerequisites
Introduction to Volatility
Learning Resources
Practical Demo
What is Volatility?
Using MemLabs to Simulate a Crash/Compromise
Install Volatility
Transfer MemLabs Files to this System
Install and Extract the MemLabs File
Open the Dump in Volatility
Perform KDBG Scan
Extracting Information
Identify Hidden Processes
Investigate What a Process Was Doing
What Commands Were Being Executed?
Scan and Extract a File
Obtain Hashes with Volatility & CyberChef
Exploring Additional Modules
Conclusion
Taught by
Linode