DFIR Blog
  • Infosec
    • Blog
    • CISSP
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • Contact

Memory Forensics

Volatility Primer

7/5/2019

 
Help Command
Picture
Image Info:  We often use imageinfo to identify the profile(s) of a forensic memory image but you can also get the information about the image date and time in UTC.
Picture
Once you've identified the right profile; in this case it's Win2008R2SP1x64. You can choose to set it as an environment variable:
export VOLATILITY_PROFILE=Win2008R2SP1x64
You can use unset command to remove it too:
unset VOLATILITY_PROFILE

Comments are closed.

    Archives

    August 2019
    July 2019
    April 2019
    March 2019

    Categories

    All
    Ctf
    Defcon
    DFIR
    Forensics
    Memory
    Memory Forensics

    RSS Feed

  • Infosec
    • Blog
    • CISSP
    • Threat Landscape
  • Digital Forensics
    • Windows Forensics
    • Mac Forensics
    • Memory Forensics
    • Forensic Resources
  • Incident Response
  • Contact