Malware Analysis Using Volatility
Volatile Data of a computer is a temporary and they are created when a computer system is running aka in operational condition. They are removed immediately when the system powered off. It is stored on the Random Access Memory (RAM) and other temporary storage units such as Registars of the Computer and not in the main storage partitions of Hard Drives. It could be emails related information, chats or browser history, running processes related information, unsaved data, clipboard contents etc. The analysis of volatile memory for extracting forensic artifacts is called Memory Forensic. Volatile Memory contains the most valuable information about running programs and instructions including running system processes, kernel drivers, loaded modules, executed commands, executable paths, active Network Connections, etc.