Our Volatility plugin extracts and immediately classifies all binary code inside a memory dump. Results can be viewed in an interactive report that gives full visibility into, and a classification for, every piece of code residing in that memory dump.
About the Plugin
The Intezer Analyze Volatility plugin dramatically reduces your investigation time from hours to minutes. See what code was running, classify malicious components, and filter out trusted application code, so you can focus on the unique or suspicious artifacts that are worth a deeper look.
- Memory dumps supported: All Windows versions
- Volatility versions supported: Volatility 2.0
How Does it Work?
- Our plugin extracts all the binary code from the memory dump and sends it to Intezer Analyze. The process should take around 20 minutes, but it can take longer for very large memory dumps.
- The collected modules are analyzed using Intezer's Genetic Software Mapping technology.
- The system provides an interactive report that shows every extracted module together with its analysis result.
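To make the extract-then-classify flow concrete, here is an added example (not the plugin's own code, and not Intezer's Genetic Software Mapping, which compares code genes rather than whole-image hashes). It carves every PE image out of a raw memory buffer by validating the MZ/PE header chain, hashes each carved image, and marks it trusted or unknown against an allowlist, which is the filtering step that leaves only the artifacts worth a closer look. The sample dump, the "trusted" and "suspect" images and the allowlist are all constructed in the script.

```python
"""Carve PE images out of a raw memory buffer and triage each one against an
allowlist of known-good hashes. Added illustration of the extract-then-classify
flow; it is not Intezer's plugin, and it classifies by whole-image hash rather
than by Intezer's Genetic Software Mapping."""
import hashlib
import struct

MAX_IMAGE = 64 * 1024 * 1024   # reject SizeOfImage values beyond this as corrupt
MAX_E_LFANEW = 0x400           # the PE header is expected close to the MZ stub


def build_pe(size_of_image: int, payload: bytes, pe32plus: bool = False) -> bytes:
    """Build a minimal, structurally valid PE image (constructed test fixture)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", e_lfanew)   # 64-byte DOS header
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<I", opt, 56, size_of_image)                  # SizeOfImage
    body = dos + coff + bytes(opt) + payload
    assert len(body) <= size_of_image, "payload does not fit in SizeOfImage"
    return body + b"\x00" * (size_of_image - len(body))


def parse_pe_at(dump: bytes, off: int):
    """Return the PE image starting at off, or None if no valid header is there."""
    if off + 0x40 > len(dump):
        return None
    e_lfanew = struct.unpack_from("<I", dump, off + 0x3C)[0]
    pe_off = off + e_lfanew
    # Need the 24-byte signature+COFF header plus the optional header up to SizeOfImage.
    if e_lfanew < 0x40 or e_lfanew > MAX_E_LFANEW or pe_off + 84 > len(dump):
        return None
    if dump[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    magic = struct.unpack_from("<H", dump, pe_off + 24)[0]
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        return None
    size_of_image = struct.unpack_from("<I", dump, pe_off + 80)[0]
    if size_of_image == 0 or size_of_image > MAX_IMAGE:
        return None
    # Pages at the end of a module may be unmapped; carve what is present.
    return dump[off:min(off + size_of_image, len(dump))]


def carve_pe_images(dump: bytes):
    """Yield (offset, image) for every MZ signature that leads to a valid PE header."""
    pos = dump.find(b"MZ")
    while pos != -1:
        img = parse_pe_at(dump, pos)
        if img is not None:
            yield pos, img
        pos = dump.find(b"MZ", pos + 1)   # advance by one so nested images are not skipped


def triage(dump: bytes, trusted_hashes):
    """Hash every carved image and mark it trusted or unknown."""
    results = []
    for off, img in carve_pe_images(dump):
        digest = hashlib.sha256(img).hexdigest()
        results.append({"offset": off, "size": len(img), "sha256": digest,
                        "verdict": "trusted" if digest in trusted_hashes else "unknown"})
    return results


def unknown_only(results):
    """The artifacts worth a deeper look: everything not on the allowlist."""
    return [r for r in results if r["verdict"] == "unknown"]


# Constructed sample dump: a known-good module, a stray "MZ" inside text that must
# be rejected by header validation, and an unlisted module standing in for unknown code.
TRUSTED_IMAGE = build_pe(0x1000, b"\x55\x8b\xec" * 8)
SUSPECT_IMAGE = build_pe(0x800, b"\x31\xc0\x50\xeb" * 8, pe32plus=True)
TRUSTED_HASHES = {hashlib.sha256(TRUSTED_IMAGE).hexdigest()}
SAMPLE_DUMP = (b"\x00" * 0x200 + TRUSTED_IMAGE
               + b"MZ...not a header, just text mentioning MZ" + b"\xff" * 0x100
               + SUSPECT_IMAGE + b"\x00" * 0x80)

if __name__ == "__main__":
    for r in triage(SAMPLE_DUMP, TRUSTED_HASHES):
        print(f"0x{r['offset']:08x} {r['size']:6d} {r['verdict']:8s} {r['sha256'][:16]}")
```

On a real dump the allowlist would be the hashes of the OS and application modules you already trust, and the carved unknowns are what you submit for deeper analysis; a whole-image hash is brittle against relocation fixups and in-memory patching, which is exactly why code-similarity approaches such as the plugin's genetic mapping are used instead.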
How to Get Started?
- Check out the Scan Memory Dump page and go over the steps.
- You can also refer to the FAQ section at the bottom of the page.