Andrew Case (Volatility Core Developer) gave this talk in April 2020 as an online Volexity Cyber Session.
Since its initial public release over a decade ago, Volatility has attracted one of the largest and most active communities of users and developers in the digital forensics industry. As a result of those contributions, it has become the world’s most advanced and widely used memory forensics platform. In the digital forensics research community, Volatility has served as the foundation of a thriving ecosystem that continues to facilitate the rapid transition of cutting-edge technologies into the hands of digital investigators across the globe.
During the same period, the industry has continued to evolve the way that operating systems are developed, deployed, and maintained. Similarly, the skillsets of memory analysts and their preferred work flows have changed to meet a world with increasingly large volumes of complex data. To address these challenges, the Volatility development team has been actively architecting and developing an entirely new version of the framework, while simultaneously supporting users of the current stable version.
This presentation is an introduction and pre-release of Volatility 3. It highlights how this new framework compares to previous versions of Volatility and other Volatility-based tools. The discussion highlights the many new features, as well as how the community can contribute to the official launch of Volatility 3!