crwdns2933423:0crwdne2933423:0

How to analyze RAM through Kali Linux Forensics mode

crwdns2942213:0crwdne2942213:0

  1. How to analyze RAM through Kali Linux Forensics mode, Plug in your Live Kali Linux USB: crwdns2935265:01crwdnd2935265:01crwdnd2935265:01crwdne2935265:0
    • Plug in your Live Kali Linux USB into your computer and restart your PC.

    • Once your machine is finished restarting you should see Kali's Boot Loader.

    • Choose Live (forensic mode) from the list of options.

    • This will take you into the forensics mode, which contains the tools and packages needed to preform system forensic needs.

    • Press Ctrl + Alt + T to open the Terminal Interface.

    • Navigate to the Volatility directory with the command: cd /usr/share/volatility

    • Search for the RAM's profile with: python vol.py imageinfo -f=<location of image file>

crwdns2915888:0crwdne2915888:0

Because Volatility is a Python script, you can enter the command python vol.py -h to gain additional information.

The most important thing you should take away from this guide is to remember to use this information responsibly. Obtaining unauthorized access to another's computer system or systems is illegal under the Computer Fraud & Abuse Act.

Please use the knowledge gained from this guide responsibly.

crwdns2935227:0crwdne2935227:0

Jacob Mehnert

crwdns2935283:010/18/21crwdne2935283:0

27 297 crwdns2915208:0crwdne2915208:0

crwdns2935297:043crwdne2935297:0

crwdns2915084:0crwdne2915084:0

iFanatics crwdns2935289:0iFanaticscrwdne2935289:0

Community

crwdns2931471:054crwdne2931471:0

crwdns2935297:0156crwdne2935297:0

crwdns2944067:00crwdne2944067:0

crwdns2917038:0crwdne2917038:0

crwdns2936625:0crwdne2936625:0:

crwdns2936751:024crwdne2936751:0 4

crwdns2936753:07crwdne2936753:0 14

crwdns2936753:030crwdne2936753:0 59

crwdns2942667:0crwdne2942667:0 2,014