Volatility

WHAT IS VOLATILITY?

Single API

Memory analysis has become one of the most important topics within the realm of digital investigations. Some consultants may only have access to memory images, and Volatility’s memory forensics techniques show deleted data and artifacts that attackers try to hide.

INTEGRATION ACTIONS:

Allows Cyber Triage to perform memory analysis via Volatility.

WHOM IS IT BUILT FOR?

Internal IR Teams & Consultants

WHY IS IT USEFUL?

Allows Cyber Triage to analyze memory images when live system analysis is not an option. As a result, users will be able to get key artifacts from memory that they would not be able to get from a disk image, such as processes, active connections, and open ports.

WHERE IS IT USED?

The Cyber Triage/Volatility integration allows users to import a memory image that was collected from a live endpoint and continue their investigation from there. This saves the incident responder time, which means a faster, more efficient response process.

WHAT IS THE REQUIRED CYBER TRIAGE VERSION?

Lite, Standard, and Team

ADDITIONAL LINKS:

https://www.cybertriage.com/2018/using-volatility-in-cyber-triage/ 

https://www.linkedin.com/company/the-volatility-foundation/ 

https://github.com/volatilityfoundation/volatility 

*For more information about this integration, contact our sales team: Sales@cybertriage.com.
