In this chapter, we looked at memory forensics and analysis using some of the many plugins available within the Volatility Framework. One of the first, and most important, steps in working with Volatility is choosing the profile that Volatility will use throughout the analysis. This profile tells Volatility what type of operating system the memory image was taken from. Once the profile was chosen, we were able to perform process, network, registry, DLL, and even malware analysis using this versatile tool. As we've seen, Volatility can perform several important functions in digital forensics and should be used together with the other tools we've used previously to perform in-depth and detailed forensic analysis and investigations.
In our next chapter, we will move on to another powerful tool that does everything from acquisition to reporting. Let's get started with Autopsy—The Sleuth Kit®.