Difficulty: Easy
Steps: 5
Time Required: 2 minutes
Sections: 2

  • How to launch Kali Linux Forensics Mode (2 steps)
  • How to analyze RAM through Kali Linux Forensics mode (3 steps)

Member-Contributed Guide

An awesome member of our community made this guide. It is not managed by iFixit staff.

Introduction

One of the cool things that can be done with memory analysis is that a user can recreate what was happening when an issue occurred by using the Volatility application.

Step 1

Plug in your Live Kali Linux USB
  • Plug your Live Kali Linux USB into your computer and restart your PC.
  • Once your machine has finished restarting, you should see Kali’s Boot Loader.

Step 2

Choose Live (Forensic mode)
  • Choose Live (forensic mode) from the list of options.
  • This will take you into the forensics mode, which contains the tools and packages needed to perform system forensics.

Step 3

Open Kali's command line Terminal
  • Press Ctrl + Alt + T to open the Terminal Interface.

Step 4

Navigate to Volatility's directory
  • Navigate to the Volatility directory with the command: cd /usr/share/volatility

Step 5

Search for the RAM's profile
  • Search for the RAM’s profile with: python vol.py imageinfo -f=

Because Volatility is a Python script, you can enter the command python vol.py -h to gain additional information.
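The following script is an added example, not part of the original guide. It wraps Step 5 so that the memory image is hashed before and after imageinfo runs (confirming the evidence file was not altered) and the candidate profile names are pulled out of the "Suggested Profile(s)" line. The function names, the sample output and the image path argument are assumptions; python vol.py and /usr/share/volatility come from the steps above.

```bash
#!/bin/sh
# Added example, not from the original guide.
VOL_DIR="/usr/share/volatility"   # directory from Step 4

# Constructed sample of Volatility 2 imageinfo output (not from a real image).
SAMPLE_OUTPUT='          Suggested Profile(s) : Win7SP1x64, Win7SP0x64 (Instantiated with Win7SP1x64)
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)'

# Read imageinfo output on stdin and print one candidate profile per line.
# Returns non-zero when Volatility reports "No suggestion".
suggested_profiles() {
    sed -n 's/^.*Suggested Profile(s) *: *//p' \
        | sed 's/([^)]*)//g' \
        | tr ',' '\n' \
        | sed 's/^ *//; s/ *$//' \
        | grep -v -e '^$' -e '^No suggestion'
}

# SHA-256 of the image file, hex digest only.
image_hash() {
    sha256sum "$1" | cut -d' ' -f1
}

# Hash the image, run imageinfo, re-hash, then list the suggested profiles.
analyze() {
    [ -r "$1" ] || { echo "cannot read image: $1" >&2; return 1; }
    image=$(readlink -f "$1")      # absolute path, since we cd below
    before=$(image_hash "$image")
    out=$(cd "$VOL_DIR" && python vol.py imageinfo -f "$image" 2>/dev/null)
    after=$(image_hash "$image")
    if [ "$before" != "$after" ]; then
        echo "image hash changed during analysis" >&2
        return 2
    fi
    echo "sha256 $before"
    printf '%s\n' "$out" | suggested_profiles
}

# With an image path: analyze it. Without: parse the constructed sample.
if [ "$#" -ge 1 ]; then
    analyze "$1"
else
    printf '%s\n' "$SAMPLE_OUTPUT" | suggested_profiles
fi
```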

The most important thing you should take away from this guide is to remember to use this information responsibly. Obtaining unauthorized access to another’s computer system or systems is illegal under the Computer Fraud & Abuse Act.

Please use the knowledge gained from this guide responsibly.

Author: Jacob Mehnert (member since 10/18/2021), with 1 other contributor
