# Analysis ## Volatility I'll be using Volatility 2 for analysis because many plugins were written in python2. Alternatively, this can be done with Volatility 3 with the exemption of running a few plugins. ### Installing Volatility Volatility 2 GitHub repo: {% embed url="" %} ```bash $ git clone https://github.com/volatilityfoundation/volatility.git ``` ### Using Volatility ```bash $ python2 [path-to-vol.py] -f [path-to-image] --profile=[profile] [plugin] ``` ### Command reference {% embed url="" %} ### Add plugins * Clone the plugin from their respective github repos. * Add the \[plugin].py file into "volatility/plugins/" directory. ## Additional info * I create separate folders for each of the memory images that I analyze. * Inside them, various folders are created to dump the output whenever required. It is recommended to follow along the process and explore the process yourself.