How to get Windows information from RAM Dump using Volatility 3? Windows Username and password!!!

Live Forensics
Volatility 3 is the most advanced memory forensics framework!
In this video, you will learn how to use Volatility 3 to analyse a memory (RAM) dump from a Windows 10 machine. I will extract OS information and the Windows usernames and password hashes.
OS Information - Image info
vol.py -f "/path/to/file" windows.info
Dump the Windows user password hashes.
vol.py -f "/path/to/file" windows.hashdump
To crack an NT hash, use crackstation.net/ or tools like John the Ripper and Hashcat.
If you use any other tools, please write them in the comments.
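As an added example (not code from the video), here is a small Python audit over the windows.hashdump table: it parses the User/rid/lmhash/nthash rows and flags accounts with an empty password, accounts still storing an LM hash, and accounts that share the same NT hash. The sample output is constructed; only the well-known empty-password LM/NT values are real.

```python
import re
from collections import defaultdict

# Well-known hashes of an empty password (LM and NT), so accounts with no
# password set can be flagged straight from the hashdump table.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in the shape of `vol.py -f dump.mem windows.hashdump`
# output (tab-separated columns User, rid, lmhash, nthash); values are made up.
SAMPLE_OUTPUT = """\
Volatility 3 Framework 2.x.x
Progress:  100.00\t\tPDB scanning finished
User\trid\tlmhash\tnthash

Administrator\t500\taad3b435b51404eeaad3b435b51404ee\t31d6cfe0d16ae931b73c59d7e0c089c0
Guest\t501\taad3b435b51404eeaad3b435b51404ee\t31d6cfe0d16ae931b73c59d7e0c089c0
alice\t1001\taad3b435b51404eeaad3b435b51404ee\t0123456789abcdef0123456789abcdef
bob\t1002\taad3b435b51404eeaad3b435b51404ee\t0123456789abcdef0123456789abcdef
svc_backup\t1003\t00112233445566778899aabbccddeeff\tfedcba9876543210fedcba9876543210
"""

# A data row is: user, numeric RID, 32-hex LM hash, 32-hex NT hash.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+([0-9a-f]{32})\s+([0-9a-f]{32})$", re.IGNORECASE)

def parse_hashdump(text):
    """Return (user, rid, lmhash, nthash) tuples; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            user, rid, lm, nt = m.groups()
            rows.append((user, int(rid), lm.lower(), nt.lower()))
    return rows

def audit_hashdump(text):
    """Flag what the dump exposes: blank passwords, LM hashes, reused passwords."""
    rows = parse_hashdump(text)
    findings = {"empty_password": [], "lm_hash_present": [], "shared_password": []}
    by_nt = defaultdict(list)
    for user, rid, lm, nt in rows:
        if nt == EMPTY_NT:
            findings["empty_password"].append(user)
        if lm != EMPTY_LM:          # LM storage should be disabled on modern Windows
            findings["lm_hash_present"].append(user)
        by_nt[nt].append(user)
    for nt, users in by_nt.items():  # identical NT hash means identical password
        if nt != EMPTY_NT and len(users) > 1:
            findings["shared_password"].append(sorted(users))
    return findings
```

Run `audit_hashdump` on the text captured from your own hashdump command to get the same three lists for a real image.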

Comments: 39

  • @CyDig
    @CyDig 3 months ago

    Live Forensics | How to Install Volatility 3 on Windows 11 Windows 10 | Symbol Tables Configuration kzread.info/dash/bejne/X5aBxsdrl8_dnqg.html

  • @bakhtawarkhan62
    @bakhtawarkhan62 2 months ago

    How can I use the moddump command? Mine does not have it. I have watched your video on installation, still not working. I have the windows file in symbols too.

  • @AhmadAli01011
    @AhmadAli01011 a year ago

    Thanks, it's very interesting to see how you managed to get the password for a Windows 11 machine. I would like to learn more about live forensics and Volatility 3. Please post more videos about this.

  • @truepearls1790
    @truepearls1790 7 months ago

    Thanks sir 👍! I am learning from your videos, but Sir, I am facing a problem: I have followed all steps of this video and the previous installation video (the netscan command is working), but hashdump is not working. I have also used different Volatility & Python versions. What should I do now? Please. I have Windows 10.

  • @CyDig
    @CyDig 7 months ago

    Make sure you download the Symbol Tables. Go to my KZread video to find out how. I think it's at 4:40 min. kzread.info/dash/bejne/X5aBxsdrl8_dnqg.htmlsi=9YRo844feV30WPUu

  • @DreamLifeAfrica
    @DreamLifeAfrica a year ago

    Thanks, that's very helpful.

  • @user-up5ne9jk1o
    @user-up5ne9jk1o a year ago

    Great, Keep it up!

  • @sarpkurt7999
    @sarpkurt7999 2 months ago

    Hello, how can I get the UUID of a device from its memory dump? I have looked everywhere but could not find it. It would be great to receive some help. Thank you.

  • @CyDig
    @CyDig 2 months ago

    Hi, I don't have a direct answer to that. But you can use Yarascan to find simple patterns like UUID. Or you may use the Strings command. Here is my video about Volatility 3 and the select-string command. kzread.info/dash/bejne/gJxtqpWqgZvdcrw.htmlsi=YXXzU6gtpM3hVeOf I hope that helps.

  • @mohamedzirufaan9633
    @mohamedzirufaan9633 5 months ago

    I am having some issues with plugins. I get the following error msg saying No module name for the hashdump and netstat commands. Can you please let me know a solution for this issue.

  • @CyDig
    @CyDig 5 months ago

    You can watch my other videos on how to install and configure Volatility 3 on Live Forensics | How to Install Volatility 3 on Windows 11 Windows 10 | Symbol Tables Configuration kzread.info/dash/bejne/X5aBxsdrl8_dnqg.html

  • @mohamedzirufaan9633
    @mohamedzirufaan9633 5 months ago

    @@CyDig Thanks for the quick response. I have followed your instructions. Still, some plugins (netstat, hashdump) don't work. However, commands like windows.info, pstree, and pslist work fine. So if you have a solution for this problem it would be kind of you to help me fix it.

  • @CyDig
    @CyDig 5 months ago

    Make sure to download the Symbol Tables and save them within Volatility 3. And it should run.

  • @user-rx3pc3sq1k
    @user-rx3pc3sq1k 16 days ago

    Hello there, thank you, but I have an issue: when I type windows.info it does not work.

  • @makersphysics8965
    @makersphysics8965 a year ago

    First of all, thank you so much from India, this video has helped me a lot, but I'm facing a problem: the hashdump plugin is not working even after I pasted the symbols in the folder.

  • @CyDig
    @CyDig a year ago

    Hi MakersPhysics. Welcome to you and all viewers from India. That happened to me as well before. I recommend watching my KZread video first on " How to Install Volatility 3 on Windows 11 Windows 10 | Symbol Tables Configuration" kzread.info/dash/bejne/X5aBxsdrl8_dnqg.html as this will help you to install and configure your environment correctly.

  • @thedimon8318
    @thedimon8318 a year ago

    I also have an issue with the windows plugins not working.

  • @CyDig
    @CyDig a year ago

    Volatility 3 is an excellent tool for analysing Memory Dump or RAM Images for Windows 10 and 11. However, it requires some configurations for the Symbol Tables to make Windows Plugins work. I installed Volatility 3 on Windows 11, and all the following plugins are working fine. Windows.info Windows.pslist Windows.netscan kzread.info/dash/bejne/X5aBxsdrl8_dnqg.html

  • @rahuldutt2021
    @rahuldutt2021 a year ago

    I have an issue with the windows.netstat plugin.

  • @CyDig
    @CyDig a year ago

    It is more likely that you haven't configured Volatility 3 correctly during the installation and missed adding the Symbol table packs.

  • @CyDig
    @CyDig a year ago

    You can download it from here: downloads.volatilityfoundation.org/volatility3/symbols/windows.zip

  • @rahuldutt2021
    @rahuldutt2021 a year ago

    @@CyDig Downloaded and extracted the zip file but not sure what to do next. Please advise.

  • @CyDig
    @CyDig a year ago

    @@rahuldutt2021 I have created a video for you in this link kzread.info/dash/bejne/X5aBxsdrl8_dnqg.html

  • @userewjonqk
    @userewjonqk 7 months ago

    But how can I know if there is a malicious file when I run Volatility?

  • @CyDig
    @CyDig 7 months ago

    This is a very good question! There are many ways to scan for malware within the memory dump. Each malware has its own file signature and behaviours. However, you can try the MalConfScan Volatility plugin to extract configuration data of known malware. Let me know if you managed to run it.

  • @CyDig
    @CyDig 7 months ago

    github.com/JPCERTCC/MalConfScan

  • @userewjonqk
    @userewjonqk 7 months ago

    @@CyDig please can you explain this in a new video?

  • @CyDig
    @CyDig 7 months ago

    Sure, I will create a new video explaining how to detect malware using Volatility.

  • @userewjonqk
    @userewjonqk 7 months ago

    @@CyDig I would really appreciate it. I have learned the Volatility basic commands and how the Windows operating system works, but still I don't understand how I can benefit from it; I need to know the malicious files and how I can detect them.

  • @CyDig
    @CyDig a year ago

    hashes.com/en/decrypt/hash is also recommended to crack NT hashes.

  • @user-dw5xp6mf5q
    @user-dw5xp6mf5q 5 months ago

    PLEASE HELP. When I write "memdump.mem windows.hashdump" it doesn't show me the same results you got; instead it shows me some random code lines like this "Desktop\volatility3- 1.0.0\vol.py", line 10, in volatility3.cli.main()"

  • @user-dw5xp6mf5q
    @user-dw5xp6mf5q 5 months ago

    I'm on Windows 11 btw.

  • @CyDig
    @CyDig 5 months ago

    Make sure you download the Symbol Tables. Go to my KZread video to find out how. I think it's at 4:40 min. kzread.info/dash/bejne/X5aBxsdrl8_dnqg.htmlsi=9YRo844feV30WPUu

  • @avia4281
    @avia4281 a year ago

    I'm following along, thank you. I'm trying to teach my kid that cracked games can be dangerous. Do you have a video showing that? I saw another method where they use dumpit.exe.

  • @CyDig
    @CyDig a year ago

    That's great that you're teaching your kids cyber security and have made them aware of such a vulnerability. Yes, DumpIt.exe is another tool that can be used to dump memory data.

  • @avia4281
    @avia4281 a year ago

    @@CyDig DumpIt with Volatility 3. I'm actually trying to learn myself and teach them in a real-world situation, since kids nowadays like PC games, at least mine does. On a one-system computer with dual boot, how can I protect myself from any problems?

  • @CyDig
    @CyDig a year ago

    @@avia4281 As you can see from the video, I extracted the user name and the hashed password for the other users. One step you can take is to make sure your password is very complex (1234Aa£$£ Bb..) and long, to prevent others from converting the hashed password to plain text. Also, it's good practice to change your password from time to time. Etc.