Volatility - Tools for the extraction of digital artifacts from volatile memory (RAM) images
The Volatility Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for the
extraction of digital artifacts from volatile memory (RAM) images. The
extraction techniques are performed completely independent of the system
being investigated but offer unprecedented visibilty into the runtime
state of the system. The framework is intended to introduce people to the
techniques and complexities associated with extracting digital artifacts
from volatile memory images and provide a platform for further work into
this exciting area of research.
The Volatility Framework demonstrates our committment to and belief
in the importance of open source digital investigation tools. Volatile
Systems is committed to the belief that the technical procedures used to
extract digital evidence should be open to peer analysis and review. We
also believe this is in the best interest of the digital investigation
community, as it helps increase the communal knowledge about systems we
are forced to investigate. Similarly, we do not believe the availability
of these tools should be restricted and therefore encourage people to
modify, extend, and make derivative works, as permitted by the GPL.
by Lawrence R. Rogers (2016-12-27):
* Release 2.6-1
by Lawrence R. Rogers (2016-07-08):
* Release 2.5-4
Patch to bring current to 2016-07-08.
by Lawrence R. Rogers (2015-11-18):
* Release 2.5-3
Rebuilt with an older version of distorm3 to address a specific error.