search

Memory Analysis

hashtag
VMEM dump

Use volatility to get some info about the memory dump

circle-info

Depending if you are using Volatility2 or Volatility3, the commands below might differ but the methodology stays pretty much the same.

circle-exclamation

While running Vol3, If you run into: AttributeError: function/symbol 'ARC4_stream_init' Fix: pip3 install pycryptodome==3.0.0. 

python3 vol.py imageinfo -f Snapshot.vmem

Depending on the output, you might be able to enumerate further.

PreviousLinux - Simple reverse & crackNextForensics

Last updated

Was this helpful?