Environment: Windows, VMware
Problems faced when performing analysis for live forensics -
- Analyzing a memory dump using Volatility 2.6
Command:
volatility.exe -f bendump.mem imageinfo
Result:
Volatility Foundation Volatility Framework 2.6
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with no profile)
AS Layer1 : FileAddressSpace (c:\Desktop\volatility_2.6_win64_standalone\volatility_2.6_win64_standalone\bendump.mem)
PAE type : No PAE
- How to use Volatility to identify the running malware and the activities performed by it?
Malware: created with the QuasarRAT malware tool
Please help.
A good place to go for assistance with Volatility is the GitHub site:
https://github.com/volatilityfoundation/volatility3
There is a link here for the Slack channel, where a lot of the developers and experienced users regularly post.
Sounds like the issue may be to do with the memory profile image. If you are using Volatility 2 and have a very modern RAM dump OS file, then it may no longer support this. Vol2 has been superseded by Vol3. Many of the plugins for Vol2 haven't been updated to Vol3.
There is a malfind-type plugin for Vol3, I believe.
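To make the profile problem above concrete: Volatility 2's imageinfo chooses a profile by scanning the dump for the KDBG debugger-data header tag, and on Windows 8 and later that block is normally encoded in memory, which is why a raw scan of a modern dump comes back with "No suggestion". Volatility 3 drops profiles entirely and instead locates the kernel's CodeView "RSDS" debug record, whose PDB GUID and age identify the exact symbol file to fetch. The following script, added here as an illustration and not taken from the thread or from the Volatility project, scans a raw image for both artefacts so you can see in a few seconds whether a dump is a Vol2-profile case or a Vol3-symbol case. The sample buffer it scans is constructed inline (the GUID, age and offsets are made up); the exact symbol filename layout mentioned in the comments is my understanding of Vol3's naming and is marked as an assumption.

```python
import mmap
import re
import struct
import sys
import uuid

# Vol2 matches a profile against the KDBG header: eight zero bytes, the
# "KDBG" owner tag, then a 16-bit size that differs per Windows build.
KDBG_TAG = re.compile(rb"\x00{8}KDBG")

# CodeView debug record embedded in the kernel PE image:
#   "RSDS" | 16-byte GUID | 32-bit age | NUL-terminated PDB file name
# Vol3 keys its symbol tables on the GUID + age pair found here.
RSDS_RECORD = re.compile(
    rb"RSDS(?P<guid>.{16})(?P<age>.{4})(?P<name>nt[a-z]+\.pdb)\x00", re.DOTALL
)

# PDB names the Windows kernel ships under (uni/multi-processor, PAE/non-PAE).
KERNEL_PDBS = {b"ntoskrnl.pdb", b"ntkrnlmp.pdb", b"ntkrnlpa.pdb", b"ntkrpamp.pdb"}


def find_kdbg_tags(data):
    """Return (offset, declared_size) for every KDBG header tag in the image.

    An empty list on a Windows 8+ dump is expected: the block is encoded, so
    Vol2's signature-based imageinfo has nothing to match.
    """
    hits = []
    for m in KDBG_TAG.finditer(data):
        if m.end() + 2 > len(data):
            continue  # tag runs off the end of the buffer; cannot read the size
        size = struct.unpack_from("<H", data, m.end())[0]
        hits.append((m.start(), size))
    return hits


def pdb_guid_string(raw16):
    """Render a raw PDB GUID in Microsoft order (first three fields little-endian),
    uppercase and without dashes, as PDB tooling prints it."""
    return uuid.UUID(bytes_le=bytes(raw16)).hex.upper()


def find_kernel_pdbs(data):
    """Return the kernel RSDS records found: offset, PDB name, GUID and age."""
    hits = []
    for m in RSDS_RECORD.finditer(data):
        name = m.group("name")
        if name not in KERNEL_PDBS:
            continue  # some other PE's debug record; not the kernel
        age = struct.unpack("<I", m.group("age"))[0]
        guid = pdb_guid_string(m.group("guid"))
        hits.append(
            {
                "offset": m.start(),
                "pdb": name.decode(),
                "guid": guid,
                "age": age,
                # Assumption: Vol3 symbol files are named <GUID>-<age>.json.xz
                # under a directory named after the PDB.
                "symbol_hint": f"{name.decode()}/{guid}-{age}.json.xz",
            }
        )
    return hits


def triage(data):
    """Summarise what each Volatility generation would have to work with."""
    return {"kdbg": find_kdbg_tags(data), "kernel_pdbs": find_kernel_pdbs(data)}


def build_sample_dump():
    """Constructed stand-in for a slice of a memory image; not a real dump."""
    guid = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")  # constructed
    rsds = b"RSDS" + guid.bytes_le + struct.pack("<I", 2) + b"ntkrnlmp.pdb\x00"
    kdbg = b"\x00" * 8 + b"KDBG" + struct.pack("<H", 0x340)  # constructed size
    return b"\x90" * 64 + rsds + b"\x00" * 100 + kdbg + b"\xcc" * 32


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Memory-map the real image so multi-GB dumps are not read into RAM.
        with open(sys.argv[1], "rb") as fh:
            with mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
                result = triage(mm)
    else:
        result = triage(build_sample_dump())
    print(result)
```

Run it with the dump path as the only argument; with no argument it scans the constructed sample. A dump that yields kernel RSDS records but no KDBG tag is the situation in the question: Vol2's imageinfo cannot help, but Vol3 (`vol.py -f bendump.mem windows.info`) can resolve symbols from the GUID and age and then run its process, network and injected-code plugins (windows.pslist, windows.netscan, windows.malfind) to answer the "what did the malware do" part.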