# volatility3
# Memory forensics framework — analyze RAM dumps to find malware, hidden processes, network connections, and injected code
# Docs: https://docs.remnux.org/discover-the-tools/perform+memory+forensics

% memory, forensics, volatility, incident-response

# Basic usage: show OS and kernel details of the memory image
vol3 -f <file> windows.info

# List processes
vol3 -f <file> windows.pslist

# Show processes as a parent/child tree
vol3 -f <file> windows.pstree

# Scan for network connections and sockets
vol3 -f <file> windows.netscan

# Find memory regions that may contain injected code
vol3 -f <file> windows.malfind

# List DLLs loaded by a process
vol3 -f <file> windows.dlllist --pid <pid>

# Dump files cached in memory for a process
vol3 -f <file> windows.dumpfiles --pid <pid>

# --- Recipes (multi-tool chains) ---

# >> Quick Memory Dump Triage
# Identify OS
vol3 -f <file> windows.info
# Process tree (spot anomalies)
vol3 -f <file> windows.pstree
# Network connections
vol3 -f <file> windows.netscan
# Injected code detection
vol3 -f <file> windows.malfind
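
# Added example (not part of the original cheat sheet or of Volatility): one way to automate the "spot anomalies" step of the triage recipe by checking process-tree output against a parent-process baseline.
# Assumptions: rows from the JSON renderer (`-r json`) carry PID, PPID, ImageFileName and nested __children; the baseline table, SAMPLE data and function names are constructed for illustration.

```python
import json

# Baseline parents for core Windows processes (well-known defaults).
EXPECTED_PARENT = {"svchost.exe": "services.exe", "services.exe": "wininit.exe",
                   "lsass.exe": "wininit.exe"}
SINGLETONS = ("lsass.exe", "services.exe", "wininit.exe")

# Constructed sample shaped like `vol3 -f <file> -r json windows.pstree`
# output (assumed keys: PID, PPID, ImageFileName, nested __children).
SAMPLE = json.loads("""[
 {"PID": 520, "PPID": 432, "ImageFileName": "wininit.exe", "__children": [
  {"PID": 640, "PPID": 520, "ImageFileName": "services.exe", "__children": [
   {"PID": 812, "PPID": 640, "ImageFileName": "svchost.exe"}]},
  {"PID": 648, "PPID": 520, "ImageFileName": "lsass.exe"}]},
 {"PID": 3300, "PPID": 3260, "ImageFileName": "explorer.exe", "__children": [
  {"PID": 6120, "PPID": 3300, "ImageFileName": "svchost.exe"},
  {"PID": 7004, "PPID": 3300, "ImageFileName": "lsass.exe"}]}
]""")


def flatten(rows):
    """Yield every row, descending into pstree's nested "__children" lists."""
    for row in rows:
        yield row
        yield from flatten(row.get("__children") or [])


def find_anomalies(rows):
    """Return (kind, name, pids, detail) tuples for baseline violations."""
    procs = list(flatten(rows))
    name_of = {p["PID"]: str(p["ImageFileName"]).lower() for p in procs}
    findings = []
    for p in procs:
        name = name_of[p["PID"]]
        want = EXPECTED_PARENT.get(name)
        got = name_of.get(p["PPID"], "<not listed>")  # parent may have exited
        if want and got != want:
            findings.append(("parent", name, (p["PID"],),
                             f"parent {got}, expected {want}"))
    for name in SINGLETONS:
        pids = tuple(sorted(pid for pid, n in name_of.items() if n == name))
        if len(pids) > 1:
            findings.append(("duplicate", name, pids,
                             f"{len(pids)} instances, expected 1"))
    return findings


if __name__ == "__main__":
    print(*find_anomalies(SAMPLE), sep="\n")
```

# The same function accepts flat windows.pslist rows, since rows without __children are handled. Findings are leads for follow-up with windows.dlllist and windows.malfind on the flagged PIDs, not verdicts.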