VOLATILITY

The Volatility framework is an open source tool written in Python which allows you to analyze memory images. We briefly mentioned Volatility way back in Chapter 3 on live response. The first version of Volatility that supported Linux was released in October 2012. Hopefully Linux support in Volatility will continue to evolve.

We will only cover parts of Volatility that apply to Linux systems. We will not delve too deeply into some of the theory behind how Volatility works either. Our focus is on using the tool. If you are running a Debian-based Linux, Volatility might be available in standard repositories, in which case it can be installed using sudo apt-get install volatility volatility-profiles volatility-tools. If you need to install from source, download the latest version source archive from http://volatilityfoundation.org, uncompress it, then install it by typing sudo ./setup.py install from the main Volatility directory.