
Volatility
Where is it used?
Users can import a memory image that was collected from a live endpoint.
Why is it useful?
- Some consultants may have access only to memory images.
- Memory forensics techniques will show deleted data and artifacts that the attacker was trying to hide.