THE DFIR BLOG

Memory Forensics

Volatility Primer

7/5/2019

Help Command
[Image: output of the Volatility help command]
Image Info: imageinfo is the usual first step on an unknown Windows image. Running vol.py -f <image> imageinfo prints the suggested profile(s), and the same output also reports the image date and time in UTC (plus the local time), which anchors the timeline for everything else you pull from the image. Treat the suggested list as candidates rather than an answer: imageinfo is a heuristic, so confirm the profile with kdbgscan, or by checking that a cheap plugin such as pslist returns sane output under it, before you rely on any other results.
[Image: imageinfo output showing suggested profiles and image date and time]
Once you've identified the right profile (in this case Win2008R2SP1x64), you can set it as an environment variable so you don't have to pass --profile= on every command:
export VOLATILITY_PROFILE=Win2008R2SP1x64
Use unset to remove it again, for example before switching to an image that needs a different profile:
unset VOLATILITY_PROFILE
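The workflow above, carried through as an added example (this is not code from the post): parse the imageinfo output, take the first suggested profile, record the UTC image time, and export the environment so later vol.py commands need neither --profile nor -f. The imageinfo text embedded below is a constructed stand-in, not real output from the post's image; the profile list, addresses and timestamps are made up. It assumes the documented Volatility 2 variable VOLATILITY_LOCATION (the environment form of --location, taking a file:// URL) alongside VOLATILITY_PROFILE, and it does not need vol.py installed to run the parsing.

```bash
#!/usr/bin/env bash
# Added example: parse Volatility 2 imageinfo output to pick a profile, record
# the image's UTC time, and export the variables that let later vol.py
# commands omit --profile and -f.
#
# SAMPLE_IMAGEINFO is a constructed stand-in for the output of
#   vol.py -f /cases/mem.raw imageinfo
# Addresses and timestamps are invented; only the field layout matters.
SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win2008R2SP1x64, Win7SP1x64, Win7SP0x64, Win2008R2SP0x64
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/mem.raw)
                      PAE type : No PAE
                           DTB : 0x187000L
                          KDBG : 0xf80002a0b0a0L
          Number of Processors : 2
     Image Type (Service Pack) : 1
           Image date and time : 2019-07-05 14:32:11 UTC+0000
     Image local date and time : 2019-07-05 10:32:11 -0400'

# Print every suggested profile, one per line, in the order imageinfo listed them.
suggested_profiles() {
    printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*Suggested Profile(s) : //p' \
        | tr ',' '\n' \
        | tr -d ' ' \
        | sed '/^$/d'
}

# The first suggestion is imageinfo's best guess; it still needs confirming.
first_suggested_profile() {
    suggested_profiles "$1" | head -n 1
}

# The UTC acquisition time, which anchors the timeline for later plugin output.
image_utc_time() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*Image date and time : //p'
}

# Export VOLATILITY_PROFILE and VOLATILITY_LOCATION so that subsequent
# vol.py invocations need neither --profile=... nor -f ...
#   $1 = absolute path to the memory image, $2 = imageinfo output
set_volatility_env() {
    local image="$1" info="$2" profile
    profile=$(first_suggested_profile "$info")
    if [ -z "$profile" ]; then
        echo "imageinfo suggested no profile; run kdbgscan instead" >&2
        return 1
    fi
    case "$image" in
        /*) ;;
        *)  echo "image path must be absolute for VOLATILITY_LOCATION" >&2; return 1 ;;
    esac
    export VOLATILITY_PROFILE="$profile"
    export VOLATILITY_LOCATION="file://$image"
}

# Print one pslist command per candidate profile. Run them (by hand, or pipe
# to sh where vol.py is installed) and keep the profile whose listing looks
# sane: real process names, plausible PIDs, no empty output.
verification_commands() {
    local image="$1" info="$2" p
    suggested_profiles "$info" | while IFS= read -r p; do
        printf 'vol.py --profile=%s -f %s pslist\n' "$p" "$image"
    done
}

# Demonstration on the constructed sample.
set_volatility_env /cases/mem.raw "$SAMPLE_IMAGEINFO"
echo "profile:   $VOLATILITY_PROFILE"
echo "location:  $VOLATILITY_LOCATION"
echo "image UTC: $(image_utc_time "$SAMPLE_IMAGEINFO")"
echo "confirm the profile with one of:"
verification_commands /cases/mem.raw "$SAMPLE_IMAGEINFO"
```

Source the script (rather than executing it) if you want the exported variables to persist in your interactive shell; once they are set, plain vol.py pslist, vol.py netscan and so on run against the configured image and profile, and unset VOLATILITY_PROFILE VOLATILITY_LOCATION clears them before you move to the next image.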
