Our Volatility plugin extracts and immediately classifies all binary code inside a memory dump. Results can be viewed in an interactive report that provides full visibility and classification for every piece of code residing in that memory dump.
About the Plugin
The Intezer Analyze Volatility plugin dramatically reduces your investigation time from hours to minutes. See what code was running, classify malicious components, and filter out trusted application code, so you can focus on the unique or suspicious artifacts worth a deeper look.
- Memory dumps supported: All Windows versions
- Volatility versions supported: Volatility 2.0
How to Get Started?
- Go to the Scan Memory Dump page to download the Volatility plugin and see how to get your API key.
You can also refer to the FAQ section at the bottom of the Memory Dump page.
How Does it Work?
- Our plugin extracts all the binary code from the memory dump and sends it to Intezer. The process should take around 20 minutes, but it can take longer for very large memory dumps.
- The collected modules are analyzed using Intezer's Genetic Analysis technology.
- Intezer provides an interactive analysis report that shows all of the extracted code and analysis results.