Video: https://www.youtube.com/watch?v=R1X8V9yy_Y4
Goal
Use Volatility 3 to hunt malware and suspicious activity in memory dumps.
When to use
- When you have a memory capture from a suspicious host
- When you need deeper insight than disk/EDR telemetry provides
Prereqs
- Memory dump acquired and stored securely
- Volatility 3 available in your analysis environment
Procedure (high level)
- Identify profile/context and validate the dump
- Enumerate processes and suspicious artifacts
- Pivot into network, modules, command lines, and persistence indicators
- Document findings and feed back into detections
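The steps above, carried through as an added example (not SOCFortress's own tooling or code): the Volatility 3 commands that produce the raw evidence are listed in the docstring, and the script then does the "enumerate processes" and "pivot" steps over that output. It cross-checks windows.pslist (the kernel's linked process list) against windows.psscan (a pool scan for process objects) to surface processes that are present in memory but no longer linked, and checks a few core Windows processes against the parent they should have. The JSON field names (PID, PPID, ImageFileName, ExitTime) mirror the columns those plugins print with `-r json`; the exact rendering of absent values, the file names, and the sample records are assumptions, and the sample data is constructed, not from a real dump.

```python
"""Cross-view process check over Volatility 3 JSON output (added example).

Assumed workflow (the CLI and flags are Volatility 3's; file names are ours):
    vol -f memory.raw windows.info                      # validate the dump / symbols
    vol -f memory.raw -r json windows.pslist > pslist.json
    vol -f memory.raw -r json windows.psscan > psscan.json
    python3 procs_xview.py pslist.json psscan.json
"""
import json
import sys

# Constructed sample records shaped like the columns of windows.pslist /
# windows.psscan. They are not taken from any real memory capture.
SAMPLE_PSLIST = [
    {"PID": 4,    "PPID": 0,    "ImageFileName": "System",       "ExitTime": None},
    {"PID": 348,  "PPID": 4,    "ImageFileName": "smss.exe",     "ExitTime": None},
    {"PID": 452,  "PPID": 348,  "ImageFileName": "csrss.exe",    "ExitTime": None},
    {"PID": 520,  "PPID": 348,  "ImageFileName": "wininit.exe",  "ExitTime": None},
    {"PID": 612,  "PPID": 520,  "ImageFileName": "services.exe", "ExitTime": None},
    {"PID": 628,  "PPID": 520,  "ImageFileName": "lsass.exe",    "ExitTime": None},
    {"PID": 800,  "PPID": 612,  "ImageFileName": "svchost.exe",  "ExitTime": None},
    {"PID": 2100, "PPID": 2060, "ImageFileName": "explorer.exe", "ExitTime": None},
    # svchost.exe should be a child of services.exe; here explorer.exe spawned it.
    {"PID": 3344, "PPID": 2100, "ImageFileName": "svchost.exe",  "ExitTime": None},
    {"PID": 3500, "PPID": 2100, "ImageFileName": "notepad.exe",  "ExitTime": None},
]
SAMPLE_PSSCAN = SAMPLE_PSLIST + [
    # Still running but absent from the linked list: worth a close look.
    {"PID": 4242, "PPID": 2100, "ImageFileName": "svch0st.exe", "ExitTime": None},
    # Terminated process whose object has not been reused: psscan-only is expected.
    {"PID": 1900, "PPID": 2100, "ImageFileName": "setup.exe",
     "ExitTime": "2024-01-01 10:00:00"},
]

# Parent each core process is expected to have on a normal Windows system.
EXPECTED_PARENTS = {
    "smss.exe": {"System"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}


def _alive(rec):
    """True when the record carries no exit time (process still present at capture).
    Which placeholder the JSON renderer uses for an absent value is assumed here."""
    return rec.get("ExitTime") in (None, "", "N/A", "-")


def find_unlinked(pslist, psscan):
    """Running processes that psscan found but the pslist walk did not return.

    Keyed on (PID, name): exited processes are expected to show up only in
    psscan, so they are filtered out rather than reported.
    """
    linked = {(r["PID"], r["ImageFileName"]) for r in pslist}
    scanned = {(r["PID"], r["ImageFileName"]) for r in psscan if _alive(r)}
    return sorted(scanned - linked)


def find_parent_anomalies(pslist):
    """Core processes whose parent is not the one EXPECTED_PARENTS says it should be.

    A parent that has already exited resolves to '<exited or unknown>'; on real
    data that is common (e.g. the smss.exe instance that starts csrss.exe) and is
    a prompt to check, not a verdict on its own.
    """
    names = {r["PID"]: r["ImageFileName"] for r in pslist}
    findings = []
    for r in pslist:
        expected = EXPECTED_PARENTS.get(r["ImageFileName"])
        if expected is None:
            continue
        parent = names.get(r["PPID"], "<exited or unknown>")
        if parent not in expected:
            findings.append((r["PID"], r["ImageFileName"], parent))
    return sorted(findings)


def analyze(pslist, psscan):
    """Both checks in one report; every entry maps back to a PID in the plugin output."""
    return {
        "unlinked_running_processes": find_unlinked(pslist, psscan),
        "parent_anomalies": find_parent_anomalies(pslist),
    }


def load(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


if __name__ == "__main__":
    if len(sys.argv) == 3:
        report = analyze(load(sys.argv[1]), load(sys.argv[2]))
    else:  # no files given: run on the constructed sample
        report = analyze(SAMPLE_PSLIST, SAMPLE_PSSCAN)
    print(json.dumps(report, indent=2))
```

Each finding is a PID plus image name, so it can be tied straight back to the plugin row (and from there to the process offset) when documenting the evidence; the next pivots in the procedure, such as windows.cmdline, windows.dlllist or windows.netscan filtered by that PID, follow from the same identifiers.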
Validation
- Findings are reproducible and mapped to concrete evidence
