Volatility

Where is it used?

Users can import a memory image that was collected from a live endpoint.

Why is it useful?
  • Some consultants may have access only to memory images.
  • Memory forensics techniques will show deleted data and artifacts that the attacker was trying to hide.