Volatility - Tools for the extraction of digital artifacts from volatile memory (RAM) images
The Volatility Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for the
extraction of digital artifacts from volatile memory (RAM) images. The
extraction techniques are performed completely independently of the system
being investigated but offer unprecedented visibility into the runtime
state of the system. The framework is intended to introduce people to the
techniques and complexities associated with extracting digital artifacts
from volatile memory images and provide a platform for further work into
this exciting area of research.
The Volatility Framework demonstrates our commitment to and belief
in the importance of open source digital investigation tools. Volatile
Systems is committed to the belief that the technical procedures used to
extract digital evidence should be open to peer analysis and review. We
also believe this is in the best interest of the digital investigation
community, as it helps increase the communal knowledge about systems we
are forced to investigate. Similarly, we do not believe the availability
of these tools should be restricted and therefore encourage people to
modify, extend, and make derivative works, as permitted by the GPL.
This version is built with Docker in order to lessen the dependency on Python 2
in the repository.
by Lawrence R. Rogers (2022-03-11):
* Release 2.6.1-8
The errors in the script and logic changes have been corrected by the patch.
The container is now based on CentOS 7.9.2009 and uses volatility from LiFTeR as well as the community plugins.