Memory analysis

From Volatools to Volatility

There's a new tool to analyze Windows memory dumps: Volatility. At first glance it looks like Volatools, but there are some significant changes.

The similarity between Volatools and Volatility isn't surprising at all. The project lead of Volatility is AAron Walters who, together with Nick L. Petroni, also developed Volatools.

But now on to the novelties. While Volatools builds on a proprietary closed-source library, Volatility is completely open-source. The package now contains some modules that search ("scan") the memory dump for traces of processes, threads and network activity. Also included are some modules from the vadtools by Brendan Dolan-Gavitt.
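To illustrate what such a "scan" module does, here is an added example that is not part of the original post and not Volatility's own code. It searches a memory image for kernel pool allocations by their pool tag, the way a process scanner locates process objects without walking the kernel's process list. The header layout (32-bit _POOL_HEADER, 8-byte granularity) and the process pool tag "Pro\xe3" (the tag "Proc" with the protected bit set) are the documented values for Windows XP on x86; the image itself, the helper names (scan_pool_tags, build_constructed_image, scan_constructed_image) and the 0x200-byte size floor are constructed for this demonstration.

```python
import struct

# Pool tag of the allocations that hold _EPROCESS objects on Windows XP (x86).
# The tag is "Proc" with the high bit of the last byte set (the "protected"
# marker), which is why it shows up as b"Pro\xe3" in a dump.
PROC_POOL_TAG = b"Pro\xe3"
POOL_HEADER_SIZE = 8   # sizeof(_POOL_HEADER) on 32-bit Windows XP
POOL_GRANULARITY = 8   # pool blocks are 8-byte aligned and sized in 8-byte units


def parse_pool_header(data, offset):
    """Decode the 32-bit _POOL_HEADER starting at `offset`.

    Layout (little-endian): PreviousSize:9, PoolIndex:7, BlockSize:9,
    PoolType:7, then the 4-byte PoolTag.
    """
    word0, word1 = struct.unpack_from("<HH", data, offset)
    return {
        "previous_size": word0 & 0x1FF,
        "pool_index": word0 >> 9,
        "block_size": word1 & 0x1FF,      # in units of POOL_GRANULARITY
        "pool_type": word1 >> 9,
        "tag": data[offset + 4:offset + 8],
    }


def scan_pool_tags(data, tag, min_block_bytes=0):
    """Return plausible pool allocations carrying `tag`, ordered by offset.

    A hit must sit on an 8-byte boundary, have a non-zero BlockSize, be at
    least `min_block_bytes` long and fit inside the image. Everything else
    is discarded as a chance occurrence of the four tag bytes.
    """
    hits = []
    search_from = 0
    while True:
        tag_off = data.find(tag, search_from)
        if tag_off < 0:
            break
        search_from = tag_off + 1
        hdr_off = tag_off - 4           # the tag is the last 4 bytes of the header
        if hdr_off < 0 or hdr_off % POOL_GRANULARITY:
            continue
        hdr = parse_pool_header(data, hdr_off)
        size = hdr["block_size"] * POOL_GRANULARITY
        if size == 0 or size < min_block_bytes or hdr_off + size > len(data):
            continue
        hits.append({
            "header_offset": hdr_off,
            "body_offset": hdr_off + POOL_HEADER_SIZE,
            "block_bytes": size,
            "pool_type": hdr["pool_type"],
        })
    return hits


def build_pool_header(previous_size, pool_index, block_size, pool_type, tag):
    """Pack a 32-bit _POOL_HEADER; used only to construct the sample image."""
    return struct.pack("<HH", (pool_index << 9) | previous_size,
                       (pool_type << 9) | block_size) + tag


def build_constructed_image():
    """Constructed sample image (not a real dump): two valid process
    allocations plus two decoys, a misaligned tag and a zero-size header."""
    block = 0x50                              # 0x50 * 8 = 0x280-byte allocation
    alloc_len = block * POOL_GRANULARITY
    img = bytearray(0x100)                    # leading filler
    # Valid allocation #1, header at 0x100
    img += build_pool_header(0, 0, block, 1, PROC_POOL_TAG)
    img += b"\x00" * (alloc_len - POOL_HEADER_SIZE)
    # Decoy: tag bytes at 0x385, so the would-be header at 0x381 is misaligned
    img += b"\x00" * 5 + PROC_POOL_TAG + b"\x00" * 0x77
    # Decoy at 0x400: correctly aligned, but BlockSize == 0
    img += build_pool_header(0, 0, 0, 1, PROC_POOL_TAG)
    # Valid allocation #2, header at 0x408
    img += build_pool_header(block, 0, block, 1, PROC_POOL_TAG)
    img += b"\x00" * (alloc_len - POOL_HEADER_SIZE)
    img += b"\x00" * 0x78                     # trailing filler
    return bytes(img)


def scan_constructed_image():
    """Run the scanner over the constructed image with a size floor of 0x200
    bytes (assumption: real process allocations are larger than that)."""
    return scan_pool_tags(build_constructed_image(), PROC_POOL_TAG,
                          min_block_bytes=0x200)


if __name__ == "__main__":
    for hit in scan_constructed_image():
        print("pool header @0x%06x  body @0x%06x  %d bytes" % (
            hit["header_offset"], hit["body_offset"], hit["block_bytes"]))
```

The scanner deliberately reports the allocation body rather than claiming it found a process: a real scanner follows the tag hit with consistency checks on the object header and the process structure itself, because the tag bytes can also survive in freed pool memory, which is exactly what makes scanning useful for finding terminated or hidden processes.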

Like its predecessor, Volatility only supports dd-style memory images obtained from Microsoft Windows XP SP2.

Volatility is written in Python, so it requires a Python interpreter, which is freely available.

Imprint

This blog is a project of
Andreas Schuster
Im Äuelchen 45
D-53177 Bonn
Germany
impressum@forensikblog.de

Copyright © 2005-2010 by
Andreas Schuster
All rights reserved.