Using Volatility in Kali Linux

To start the Volatility Framework, click on the All Applications button at the bottom of the sidebar and type volatility in the search bar:

Clicking on the volatility icon starts the program in a Terminal. When Volatility starts, it reports that the version in use is 2.6 and presents the available options:

To keep a complete list of all plugins at your fingertips, open a separate Terminal and run the volatility -h command there, rather than having to scroll back to the top of the Terminal in which you are running Volatility plugin commands:

The following screenshot shows a snippet of some of the many plugins within the Volatility Framework:

This list comes in handy when performing analysis as each plugin comes with its own short description. The following screenshot shows a snippet of the help command, which gives a description of the imageinfo plugin:

The format for using plugins in Volatility is:

volatility -f [filename] [plugin] [options]

As seen in the previous section, to use the imageinfo plugin, we would type:

volatility -f cridex.vmem imageinfo
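The imageinfo plugin is normally the first command run against an image, because most later plugins need the --profile option it suggests. The following helper script, added here as an example rather than code from the book, wraps that workflow in the command format shown above: it parses the "Suggested Profile(s)" line of imageinfo output, validates the plugin name, records a SHA-256 of the evidence file, and builds the follow-up command. The image name cridex.vmem comes from the text; the imageinfo output embedded in the script is a constructed sample in the shape the plugin prints, and the run_plugin function assumes that a volatility binary is on the PATH.

```shell
#!/bin/sh
# Added example (not from the book): helpers around the Volatility 2.6 command
# format  volatility -f [filename] [plugin] [options].  The profile names and
# layer lines below are a constructed sample, not captured output.

# Constructed sample of what `volatility -f cridex.vmem imageinfo` prints.
SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86)
                     AS Layer1 : IA32PagedMemoryPae (Kernel AS)
                     AS Layer2 : FileAddressSpace (/path/to/cridex.vmem)
                      PAE type : PAE'

# Read imageinfo output on stdin and print only the first suggested profile.
suggested_profile() {
  sed -n 's/^[[:space:]]*Suggested Profile(s)[[:space:]]*:[[:space:]]*//p' \
    | head -n 1 \
    | sed 's/[,(].*//' \
    | tr -d '[:space:]'
}

# Accept only plain identifiers as plugin names, so a typo or a stray shell
# metacharacter never reaches the command line.
valid_plugin() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the command line in the book's format, with --profile taken from imageinfo.
volatility_cmd() {
  image=$1; profile=$2; plugin=$3
  valid_plugin "$plugin" || { echo "invalid plugin name: $plugin" >&2; return 1; }
  printf 'volatility -f %s --profile=%s %s\n' "$image" "$profile" "$plugin"
}

# Hash the evidence file before analysis so later runs can show it is unchanged.
image_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Run a plugin for real: requires a readable image and volatility on the PATH.
run_plugin() {
  image=$1; plugin=$2
  [ -r "$image" ] || { echo "image not readable: $image" >&2; return 1; }
  command -v volatility >/dev/null 2>&1 || { echo "volatility not on PATH" >&2; return 1; }
  profile=$(volatility -f "$image" imageinfo 2>/dev/null | suggested_profile)
  [ -n "$profile" ] || { echo "imageinfo suggested no profile" >&2; return 1; }
  echo "sha256: $(image_sha256 "$image")"
  volatility -f "$image" --profile="$profile" "$plugin"
}

# Demonstration on the constructed sample (no Volatility install required).
profile=$(printf '%s\n' "$SAMPLE_IMAGEINFO" | suggested_profile)
echo "parsed profile: $profile"
volatility_cmd cridex.vmem "$profile" pslist
```

The first suggested profile is only Volatility's best guess; if a later plugin returns empty or nonsensical output, re-run it with the next profile from the list. Hashing the image up front gives you a value to compare against when the same image is analysed again or handed to someone else.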