Volatility notes

When you start using Volatility for the first time, you will encounter the problem like me, Should I use Volatility 2 or 3

The version problems

I'm very stressed when using volatility because of the version, you have to use vol2 and vol3 together because some jobs require you to use vol2 because vol3 doesn't have that type of function and vol2 does the job better than vol3 (or other way around)

So get use to it. After you install the vol2 and 3 you should set up an alias for vol.py to vol2 (for better clarity) add this to your .bashrc or .zsh -> Make your life easier

alias vol2='vol.py'

Practical Notes

How to fix annoying errors from volatility

You will come across this once or twice or maybe a thousand times, I have already been in that situation before and now I'm here to show you how to fix it

Installation and Plugins error

Symbol error (Vol3)

When you install vol3 from the source, on the first run you will something get this error

How to dump the file

Most of you when you started out this Forensic thing if you struggle with how to dump a file from memory like me then here we go [Dump File flow chart]

Do you want to dump the file?

You got to have its offset or physical address

Plugins Links

https://github.com/superponible/volatility-plugins

PreviousSRUM (System Resource Usage Monitor)NextUnderstand Logon Session in Windows

Last updated 3 years ago

hashtagThe version problems

hashtagPractical Notes

hashtagHow to fix annoying errors from volatility

hashtagInstallation and Plugins error

hashtagSymbol error (Vol3)

hashtagHow to dump the file

hashtagPlugins Links