Research Computer Memory with Volatility

Posted by JD 03/18/2013 at 12:00

If you ever need to analyze a complete machine memory dump … er … for some reason, then learning a little about Volatility would be a good idea.

The purpose of Volatility is computer memory forensics.

Get the F/LOSS tool here

If you ever need to analyze the memory of a Microsoft OS, Volatility can read normally protected memory locations and pull out all sorts of handy data, like domain credentials and TrueCrypt keys, and it can be used to analyze spyware and viruses that the normal file-based scanning tools miss. Lots of good stuff in there.

We just need to cause a BSOD and a memory dump first, which we all know is not difficult at all. With the dump file in hand, turn Volatility loose.
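As an added example (not from the original post or from the Volatility project) of what "turning Volatility loose" on a dump looks like for the malware-hunting case mentioned above: the script below cross-checks two Volatility 2 plugins. `pslist` walks the kernel's linked list of processes, while `psscan` carves process structures straight out of physical memory, so a running process that `psscan` sees and `pslist` does not has been unlinked from the list, which is how some rootkits hide. The sample plugin output embedded here is constructed to look like Volatility 2.x table output; `run_plugin` assumes a `vol.py` CLI on the PATH and is not called on the sample.

```python
"""Cross-view process check over Volatility 2 text output (added example)."""
import re
import subprocess
from typing import Dict, List, Set, Tuple

# Data rows of both pslist and psscan begin with: hex offset, image name, PID, PPID.
ROW_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)\s+(\d+)\s+(\d+)")
# Timestamps as Volatility prints them; a psscan row with two of them has exited.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC[+-]\d{4}")

# Constructed sample output, shaped like `vol.py -f dump.raw --profile=... pslist`.
SAMPLE_PSLIST = """\
Volatility Foundation Volatility Framework 2.6
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------
0xfffffa8000c9c040 System                    4      0     83      482 ------      0 2013-03-18 11:00:01 UTC+0000
0xfffffa8001a1b060 smss.exe                256      4      2       29 ------      0 2013-03-18 11:00:02 UTC+0000
0xfffffa8001c2d3e0 explorer.exe           1504   1488     31      912      1      0 2013-03-18 11:00:40 UTC+0000
"""

# Constructed sample output, shaped like the `psscan` plugin's table.
SAMPLE_PSSCAN = """\
Volatility Foundation Volatility Framework 2.6
Offset(P)          Name                PID   PPID PDB                Time created                   Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
0x0000000002aa9040 System                4      0 0x0000000000187000 2013-03-18 11:00:01 UTC+0000
0x0000000003b1c060 smss.exe            256      4 0x000000000b44c000 2013-03-18 11:00:02 UTC+0000
0x0000000005c2d3e0 explorer.exe       1504   1488 0x000000001d2f8000 2013-03-18 11:00:40 UTC+0000
0x000000000711e040 notepad.exe        2216   1504 0x000000002bc71000 2013-03-18 11:05:12 UTC+0000 2013-03-18 11:06:00 UTC+0000
0x0000000008f4a9b0 svchost.exe        3320    512 0x000000003a0c2000 2013-03-18 11:02:30 UTC+0000
"""


def parse_processes(text: str) -> Dict[int, str]:
    """Map PID -> image name for every data row of a pslist/psscan table.
    Header and banner lines do not start with a hex offset and are skipped."""
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            procs[int(m.group(3))] = m.group(2)
    return procs


def exited_pids(psscan_text: str) -> Set[int]:
    """PIDs whose psscan row carries a 'Time exited' value: terminated, not hidden."""
    exited: Set[int] = set()
    for line in psscan_text.splitlines():
        m = ROW_RE.match(line)
        if m and len(TS_RE.findall(line)) >= 2:
            exited.add(int(m.group(3)))
    return exited


def hidden_processes(pslist_text: str, psscan_text: str) -> List[Tuple[int, str]]:
    """Processes psscan found that pslist did not list and that have not exited.
    These are the candidates to look at more closely (dlllist, handles, malfind)."""
    listed = parse_processes(pslist_text)
    scanned = parse_processes(psscan_text)
    gone = exited_pids(psscan_text)
    return sorted((pid, name) for pid, name in scanned.items()
                  if pid not in listed and pid not in gone)


def run_plugin(image: str, profile: str, plugin: str, vol: str = "vol.py") -> str:
    """Run one Volatility 2 plugin against a dump and return its text output.
    Assumes the vol.py CLI is installed; the profile comes from `imageinfo`."""
    cmd = [vol, "-f", image, "--profile=" + profile, plugin]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Real usage would be:
    #   hidden_processes(run_plugin(img, prof, "pslist"), run_plugin(img, prof, "psscan"))
    for pid, name in hidden_processes(SAMPLE_PSLIST, SAMPLE_PSSCAN):
        print(f"hidden candidate: pid={pid} name={name}")   # prints pid=3320 svchost.exe
```

On the constructed sample, `notepad.exe` (PID 2216) is ignored because its psscan row shows an exit time, and `svchost.exe` (PID 3320) is flagged because it is alive in physical memory but absent from the kernel's process list. Because `psscan` also carves stale structures from freed memory, a flagged PID is a lead to confirm with other plugins, not a verdict on its own; Volatility's `psxview` plugin performs this same cross-view across more sources.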

From a security standpoint, this tells us never to leave a PC running with credentials in memory: do not hibernate, do not suspend, and do not walk away from it.

I’m sure there is much more that Volatility can be used for, but Karl didn’t have time to teach everything. The video is here