Tag Archives: Volatility


Volatility Malware Analysis

For the second part of our Volatility project, we wanted to determine whether we could find traces of malware in a system that had once been put into hibernation mode. When a user puts their computer into hibernation, a hiberfil.sys file is created. If a system has malware running in the background and is then put into hibernation, we hypothesized that hiberfil.sys would contain remnants of the malicious code.


Volatility Plugins

Volatility, the memory forensics framework, is equipped with an abundance of powerful plugins, and their number is continuously growing. It is important for law enforcement to understand which plugins to use and when, as well as how to get them to function properly. Testing and running the different commands within Volatility was the first part of our project.


Volatility Introduction

For about a month now, a team of students led by Forensics Intern Catherine Stamm has been working on a Volatility project at the LCDI. Volatility is an open source memory forensics framework that is capable of performing memory dumps for malware analysis, registry hive scans, and searches for hidden processes, among other things. Team members include Computer and Digital Forensic majors Daniel Doonan and David Leberfinger and programmer Connor Hicks.