Volatility

Volatility is a memory forensics tool made for analyzing data captured from a computer's RAM modules.

Type Part # Supplier URL
Memory Forensics Tool Volatility Foundation https://www.volatilityfoundation.org

Background Information

Volatility is a memory forensics tool made for analyzing data captured from a computer's RAM modules. Captures can be used to determine many things about the state of a system at the time the memory capture was made, including:

  • Cached files
  • Cached RSA private/public keys
  • Clipboard contents
  • Command history
  • Driver/kernel module details
  • Keyboard buffer contents
  • Open sockets
  • Registry contents
  • Running processes
  • Shellbags

Additional Information

How to analyze RAM through Kali Linux Forensics mode
