/volatility2-profiles

Memory mapping profiles for forensic analysis using volatility 2

A lot of memory profiles for forensic analysis using volatility.
Profiles YouTube Channel Subscribers

Despite tens of hours of work, all of these 460 profiles are generated and shared for free. So if you find this project useful, please ⭐ this repo or support my work on patreon.

If you're using volatility 3, you should check out volatility3-symbols.

Linux

Debian

Major version Minor versions
11 (bullseye) 11.0.0 | 11.1.0 | 11.2.0 | 11.3.0
10 (buster) 10.0.0 | 10.1.0 | 10.2.0 | 10.3.0 | 10.4.0 | 10.5.0 | 10.6.0 | 10.7.0 | 10.8.0 | 10.9.0 | 10.10.0 | 10.11.0
9 (strech) 9.0.0 | 9.1.0 | 9.2.0 | 9.3.0 | 9.4.0 | 9.5.0 | 9.6.0 | 9.7.0 | 9.8.0 | 9.9.0 | 9.10.0 | 9.11.0 | 9.12.0 | 9.13.0

Installation

Each of these profiles is packaged as a zip file. You can enable them individually with your Volatility installation by copying:

  • Linux profiles in volatility/plugins/overlays/linux/
  • Mac profiles in volatility/plugins/overlays/mac/

⚠️ Only enable the profiles you plan to use. If you copy all zip files into the aforementioned directories, Volatility will be extremely slow to load.

Issues

⚠️ These profiles are automatically generated and may not be fully tested (or tested at all). Use at your own risk. If you encounter problems, please report them through the issue tracker: https://github.com/p0dalirius/volatility2-profiles/issues.