
volatility
The Volatility Framework
We moved to github.com/volatilityfoundation. For new releases also see Volatility Framework 2.4.
Volatility supports memory dumps from all major 32- and 64-bit Windows versions and service packs including XP, 2003 Server, Vista, Server 2008, Server 2008 R2, Seven, 8, 8.1, Server 2012, and 2012 R2. Whether your memory dump is in raw format, a Microsoft crash dump, hibernation file, or virtual machine snapshot, Volatility is able to work with it. We also now support Linux memory dumps in raw or LiME format and include 35+ plugins for analyzing 32- and 64-bit Linux kernels from 2.6.11 - 3.16 and distributions such as Debian, Ubuntu, OpenSuSE, Fedora, CentOS, and Mandrake. We support 38 versions of Mac OSX memory dumps from 10.5 to 10.9.4 Mavericks, both 32- and 64-bit. Android phones with ARM processors are also supported.
Malware and Memory Forensics Training
We've put together an exhaustive course covering everything you need to know about memory forensics for malware investigations, incident response, and digital forensics. The material is "field tested" and has been executed in front of hundreds of students across the US and Europe.
For more information, click the link for the event you're interested in or read student feedback on our blog.
Current Courses:
- Feb 2015 in São Paulo, Brazil
- Jan 2015 in San Francisco, CA
- Dec 2014 in Austin, TX
- Oct 2014 in Reston, VA
- Aug 2014 in Canberra, AU
Past Courses:
- Jun 2014 in London, UK
- May 2014 in New York, NY
- Jan 2014 in San Diego, CA
- Nov 2013 in Reston, VA
- Sep 2013 in The Netherlands
- Jun 2013 in Reston, VA
- Mar 2013 in Chicago, IL
- Dec 2012 in Reston, VA
The Art of Memory Forensics
This book is written by 4 of the core Volatility developers - Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda) and AAron Walters (@4tphi). We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book.
Project Information
- License: GNU GPL v2
- 438 stars
- svn-based source control
Labels:
memory
forensics
security
python
framework
malware
rootkit
RAM
introspection
volatility