
Volatility

Downloading Volatility

Download the standalone executable based on your operating environment:

  • Linux
  • Mac OS
  • Windows

The latest version of Volatility can be downloaded here: https://www.volatilityfoundation.org/releases

 

Usage Overview

Taken from my HackTheBox write-up here: https://benheater.com/hackthebox-silo/#privilege-escalation

# Show help message
./volatility --help

# List profiles (and other info)
./volatility --info
# List profiles and grep for Windows Server 2012 Memory Profiles
./volatility --info | grep 2012

# Example command: will take a bit to run
#	./volatility : runs the executable
#	-f : specify the memory dump file
#	--profile : specify the operating system profile
#	hashdump : the Volatility module to run
./volatility -f memdump.dmp --profile=Win2012R2x64 hashdump
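
Added example (not from the original write-up): a way to triage hashdump output for audit findings without copying the hashes into notes or reports. It assumes the pwdump-style user:rid:lmhash:nthash::: lines that Volatility 2's hashdump prints; the function name triage_hashdump and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify accounts from pwdump-style lines
# (user:rid:lmhash:nthash:::) and print findings only, never the hashes.

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM="aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT="31d6cfe0d16ae931b73c59d7e0c089c0"

# triage_hashdump: reads hashdump output on stdin and writes one
# "account<TAB>rid<TAB>finding" line per account to stdout.
# It cannot tell whether an account is enabled; check that separately.
triage_hashdump() {
    awk -F: -v elm="$EMPTY_LM" -v ent="$EMPTY_NT" '
        # Skip anything that is not user:rid:lm:nt (banners, errors).
        NF < 4 || $2 !~ /^[0-9]+$/ { next }
        {
            lm = tolower($3); nt = tolower($4)
            if (length(lm) != 32 || length(nt) != 32) next
            if (lm ~ /[^0-9a-f]/ || nt ~ /[^0-9a-f]/) next
            finding = "ok"
            if (nt == ent)      finding = "BLANK_PASSWORD"
            else if (lm != elm) finding = "LM_HASH_STORED"
            printf "%s\t%s\t%s\n", $1, $2, finding
        }'
}

# Constructed sample input: made-up hashes apart from the two constants.
SAMPLE='this line is not in pwdump format and is skipped
Administrator:500:aad3b435b51404eeaad3b435b51404ee:0123456789abcdef0123456789abcdef:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
legacy:1001:00112233445566778899aabbccddeeff:fedcba9876543210fedcba9876543210:::'

printf '%s\n' "$SAMPLE" | triage_hashdump
```

To use it on a real dump, pipe the hashdump command above into triage_hashdump instead of the sample.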