What is Volatility?
Single API.
Memory analysis has become one of the most important topics within the realm of digital investigations. Some consultants may only have access to memory images and Volatility’s memory forensics techniques show deleted data and artifacts that attackers try to hide.
Integration actions
Allows Cyber Triage to perform memory analysis via Volatility.
Whom is it built for?
Internal IR Teams and Consultants.
Why is it useful?
Allows Cyber Triage to analyze memory images when live system analysis is not an option. As a result users will be able to get key artifacts from memory that they would not be able to get from a disk image such as processes, active connections, and opened ports.
Where is it used?
The Cyber Triage/Volatility integration allows users to import a memory image that was collected from a live endpoint and continue their investigation from there. This saves the incident responder time which means faster, more efficient response process
What is the required Cyber Triage version?
Lite, Standard, and Team.
Additional links
- Using Volatility in Cyber Triage
- linkedin.com/company/the-volatility-foundation/
- github.com/volatilityfoundation/volatility/
*For more information about this integration contact our sales team: sales@cybertriage.com.