/cheatsheets/forensics/Recent content in Forensics on nix4cyberHugoenCopyright (c) 2025 nix4cyber/cheatsheets/forensics/memory/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/forensics/memory/<h2 id="volatility-2">Volatility 2</h2> <p><a href="https://github.com/volatilityfoundation/volatility3">Volatility 2</a> is a framework for extracting digital artifacts from volatile memory (RAM) samples. Note that this is the older version of Volatility, and it may not support the latest memory dump formats or operating systems. Below are some of the most common commands you can use with Volatility 2.</p>/cheatsheets/forensics/recovery/Mon, 01 Jan 0001 00:00:00 +0000/cheatsheets/forensics/recovery/<h2 id="file-carving">File Carving</h2> <p>File carving is a technique used to recover files from a disk image or raw data by searching for file signatures and extracting the data without relying on the filesystem structure. This is particularly useful when the filesystem is damaged or missing.</p>