performing-memory-forensics-with-volatility3-plugins

Featured

Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

| Criterion | Weight | Score |
|---|---|---|
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Performing Memory Forensics with Volatility3 Plugins

## Overview

Volatility3 (v2.26.0+, feature parity release May 2025) is the standard framework for memory forensics, replacing the deprecated Volatility2. It analyzes RAM dumps from Windows, Linux, and macOS to detect malicious processes, code injection, rootkits, credential harvesting, and network connections that disk-based forensics cannot reveal. Key plugins include `windows.malfind` (detecting RWX memory regions that indicate injection), `windows.psscan` (finding hidden processes), `windows.dlllist` (enumerating loaded modules), `windows.netscan` (active network connections), and `windows.handles` (open file/registry handles). The 2024 Plugin Contest introduced ETW Scan for extracting Event Tracing for Windows data from memory.

## When to Use

- When conducting security assessments that involve performing memory forensics with Volatility3 plugins
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- Python 3.9+ with the `volatility3` framework installed
- Memory dump files (`.raw`, `.dmp`, `.vmem`, `.lime`)
- Windows symbol tables (ISF files, auto-downloaded)
- Understanding of Windows process memory architecture
- YARA integration for in-memory pattern scanning

## Workflow

### Step 1: Process Analysis for Malware Detection

```python
#!/usr/bin/env py...
```

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Featured

performing-memory-forensics-with-volatility3

Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.

12,642 Updated today
mukul975
AI & Automation Featured

conducting-memory-forensics-with-volatility

Performs memory forensics analysis using Volatility 3 to extract evidence of malware execution, process injection, network connections, and credential theft from RAM dumps captured during incident response. Covers memory acquisition, process analysis, DLL inspection, and malware detection. Activates for requests involving memory forensics, RAM analysis, Volatility framework, memory dump investigation, volatile evidence analysis, or live memory acquisition.

12,642 Updated today
mukul975
AI & Automation Featured

analyzing-memory-dumps-with-volatility

Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes, injected code, network connections, loaded modules, and extracted credentials. Supports Windows, Linux, and macOS memory forensics. Activates for requests involving memory forensics, RAM analysis, volatile data examination, process injection detection, or memory-resident malware investigation.

12,642 Updated today
mukul975
AI & Automation Listed

analyzing-memory-dumps-with-volatility

Analyzes RAM memory dumps from compromised systems using the Volatility framework to identify malicious processes, injected code, network connections, loaded modules, and extracted credentials. Supports Windows, Linux, and macOS memory forensics. Activates for requests involving memory forensics, RAM analysis, volatile data examination, process injection detection, or memory-resident malware investigation.

6 Updated today
26zl
AI & Automation Solid

memory-forensics

Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analyzing memory dumps, investigating incidents, or performing malware analysis from RAM captures.

36,166 Updated yesterday
wshobson