Updated Volatility Foundation’s Memory Samples
Credit
These samples were shared by various sources, but the Volatility Foundation consolidated them into one repository. Credit goes to the respective creators.
Introduction
In order to practice your memory analysis skills, you need some samples (memory images taken from devices, which are most probably infected with malware) to practice on, right? So, here we have two options:
- Making samples ourselves, which we will discuss in a different post.
- Taking already-made samples online (cloud labs) / offline and practicing on them.
We will go with the second option – offline samples.
Memory Samples
I checked the links of the given memory dumps, and unfortunately not all of them are still working, so I just updated them here and only kept the currently working ones. I reference this, because it is a great learning resource, and we are aiming to make this website your go-to website for learning memory forensics.
A downside is that those images are old, so Volatility 2 might be a better option for analyzing them.
Note: Please take care when analyzing the memory samples, as they might be from malware-infected devices.
Description | Memory Dump OS | Direct Download | Comment |
---|---|---|---|
Art of Memory Forensics Images | Collections from Windows, Linux, and Mac memory dumps | No | These images are from the very famous memory forensic book “Art of Memory Forensics”. You cannot get the image directly from the website, so you need to email them: voltraining@memoryanalysis.net |
Jackcr’s Forensic Challenge | Windows XP x86 and Windows 2003 SP0 x86 (4 images) | No | You need to send a message to them, and if approved, you get the permission to download the images. |
GrrCon Forensic Challenge ISO | Windows XP x86 | Yes | Challenge questions & Instructions are in this file: PDF questions |
Malware – R2D2 | Windows XP SP2 x86 | Yes | Password: infected |
CFREDS NIST | Windows XP SP2, 2003 SP0, and Vista Beta 2 (all x86) | Yes | 5 samples |
NPS 2009-M57 | Various XP / Vista x86 | Yes | ~70 samples |
I will try to update it regularly if any new samples are added to the repository.
Conclusion
In this blog post, I briefly pointed you to some memory dumps that you can download to hone your memory forensic analysis skills.
~ Cya till the Next One