SANS Digital Forensics and Incident Response Blog

Updated Memory Forensics Cheat Sheet

Just in time for the holidays, we have a new update to the Memory Forensics Cheatsheet! Plugins for the Volatility memory analysis project are organized into relevant analysis steps, helping the analyst walk through a typical memory investigation. We added new plugins like hollowfind and dumpregistry, updated plugin syntax, and now include help for those using the excellent winpmem and DumpIt acquisition tools. The cheatsheet includes nearly everything you need to spend a relaxing evening at home analyzing memory dumps. Enjoy!

Memory Forensics Cheat Sheet