Memory Forensics and Volatility Framework
Cloud Forensics using Varc:
com/cado-security/varc

Varc supports the following platforms and environments:
• Windows
• Linux
• OSX
• AWS Lambda
• Cloud environments such as AWS EC2
• Containerised Docker/Kubernetes environments such as AWS ECS/EKS/Fargate and Azure AKS

List the available options:
# python3 varc.py -h
Plugins for Volatility 2 and Volatility 3
(Volatility 2 commands take an explicit --profile <profile>; Volatility 3 resolves the symbol table from the image itself, and -o "/path/dir" sets the output directory for dumped data.)

MEMDUMP
  Plugins for Volatility 2:
  • vol.py -f "/path/file" --profile <profile> memdump -p <PID> --dump-dir="/path/dir"
  Plugins for Volatility 3:
  • vol.py -f "/path/file" -o "/path/dir" windows.memmap --dump --pid <PID>

FILEDUMP
  Plugins for Volatility 2:
  • vol.py -f "/path/file" --profile <profile> dumpfiles --dump-dir="/path/dir"
  • vol.py -f "/path/file" --profile <profile> dumpfiles --dump-dir="/path/dir" -Q <offset>
  • vol.py -f "/path/file" --profile <profile> dumpfiles --dump-dir="/path/dir" -p <PID>
  Plugins for Volatility 3:
  • vol.py -f "/path/file" -o "/path/dir" windows.dumpfiles
  • vol.py -f "/path/file" -o "/path/dir" windows.dumpfiles --virtaddr <offset>
  • vol.py -f "/path/file" -o "/path/dir" windows.dumpfiles --physaddr <offset>

YARASCAN
  Plugins for Volatility 2:
  • vol.py -f "/path/file" yarascan -y "/path/file.yar"
  Plugins for Volatility 3:
  • vol.py -f "/path/file" windows.vadyarascan --yara-rules <string>
  • vol.py -f "/path/file" windows.vadyarascan --yara-file "/path/file.yar"
  • vol.py -f "/path/file" yarascan.yarascan --yara-file "/path/file.yar"