The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples.
The extraction techniques are performed completely independently of the system under investigation, but provide visibility into that system.
It can run on Windows, Linux and macOS. Volatility supports different memory dump formats, including dd, LiME format, EWF and many others.
https://github.com/volatilityfoundation/volatility