docker_file_analysis/data/generated/cheatsheets/volatility3.cheat

# volatility3
# Memory forensics framework — analyze RAM dumps to find malware, hidden processes, network connections, and injected code
# Docs: https://docs.remnux.org/discover-the-tools/perform+memory+forensics

% memory, forensics, volatility, incident-response

# Basic usage
vol3 -f <memory_dump> windows.info

# Process input file
vol3 -f <memory_dump> windows.pslist

# Process input file
vol3 -f <memory_dump> windows.pstree

# Process input file
vol3 -f <memory_dump> windows.netscan

# Process input file
vol3 -f <memory_dump> windows.malfind

# Process input file
vol3 -f <memory_dump> windows.dlllist --pid <PID>

# Process input file
vol3 -f <memory_dump> windows.dumpfiles --pid <PID>


# --- Recipes (multi-tool chains) ---

# >> Quick Memory Dump Triage
# Identify OS
vol3 -f <dump> windows.info
# Process tree (spot anomalies)
vol3 -f <dump> windows.pstree
# Network connections
vol3 -f <dump> windows.netscan
# Injected code detection
vol3 -f <dump> windows.malfind