Use Volatility to get some information about the memory dump.
Depending on whether you are using Volatility2 or Volatility3, the commands below might differ, but the methodology stays pretty much the same.
If you run into the following error while running Vol3:
AttributeError: function/symbol 'ARC4_stream_init'
Fix:
pip3 install pycryptodome==3.0.0
python3 vol.py imageinfo -f Snapshot.vmem
Depending on the output, you might be able to enumerate further.
python3 vol.py -f Snapshot.vmem hashdump
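Once hashdump has produced output, it can be triaged for weak account hygiene on the imaged host. The script below is an added example, not part of the original page: it assumes pwdump-style `user:rid:lmhash:nthash:::` lines (other output layouts need a different split), and the sample input and the function names are constructed for illustration.

```python
from collections import defaultdict

# Well-known constants: hashes Windows stores for an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"  # also shown when LM storage is disabled
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample (not real output); hash values are placeholders.
SAMPLE = """\
constructed sample header line without fields
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
alice:1001:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
bob:1002:fedcba9876543210fedcba9876543210:00112233445566778899aabbccddeeff:::
"""

def parse_hashdump(text):
    """Return one dict per well-formed 'user:rid:lm:nt' line; skip banners and noise."""
    accounts = []
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 4:
            continue
        user, rid, lm, nt = parts[:4]
        if not rid.isdigit() or len(lm) != 32 or len(nt) != 32:
            continue
        accounts.append({"user": user, "rid": int(rid), "lm": lm.lower(), "nt": nt.lower()})
    return accounts

def findings(accounts):
    """Flag blank passwords, stored LM hashes, and NT hashes shared between accounts."""
    out, by_nt = [], defaultdict(list)
    for a in accounts:
        if a["nt"] == EMPTY_NT:
            # Disabled accounts such as Guest often show this; check account status too.
            out.append((a["user"], "blank password"))
        else:
            by_nt[a["nt"]].append(a["user"])
        if a["lm"] != EMPTY_LM:
            out.append((a["user"], "LM hash stored"))
    for users in by_nt.values():
        if len(users) > 1:  # identical NT hash means identical password
            out.append((",".join(users), "shared NT hash"))
    return out

if __name__ == "__main__":
    for who, issue in findings(parse_hashdump(SAMPLE)):
        print(f"{issue}: {who}")
```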