Updated Volatility Foundation’s Memory Samples

Volatility Memory Samples


These samples were shared by various sources, but the Volatility Foundation consolidated them into one repository. Credit goes to the respective creators.


In order to practice your memory analysis skills, you need some samples (memory images taken from devices, which are most probably infected with malware) to practice on, right? So, here we have two options:

  • Making samples ourselves, which we will discuss that in a different post.
  • Taking already-made samples online (cloud labs) / offline and practicing on them.

We will go with the second option – offline samples.

Memory Samples

I checked the links of the given memory dumps, and unfortunately not all of them are still working, so I just updated them here and only kept the currently working ones. I reference this, because it is a great learning resource, and we are aiming to make this website your go-to website for learning memory forensics.
A downside of those images are old, so Volatility 2 might be a better option to analyze them.
Note: Please take care when analyzing the memory samples, as they might be from malware-infected devices.

DescriptionMemory Dump OSDirect DownloadComment
Art of Memory Forensics ImagesCollections from Windows, Linux, and Mac memory dumpsNoThese images are from the very famous memory forensic book “Art of Memory Forensics”. You cannot get the image directly from the website, so you need to email them:
Jackcr’s Forensic ChallengeWindows XP x86 and Windows 2003 SP0 x86 (4 images)NoYou need to send a message to them, and if approved, you get the permission to download the images.
GrrCon Forensic Challenge ISO Windows XP x86YesChallenge questions & Instructions are in this file: PDF questions
Malware – R2D2 Windows XP SP2 x86YesPassword: infected
CFREDS NISTWindows XP SP2, 2003 SP0, and Vista Beta 2 (all x86)Yes5 samples
NPS 2009-M57Various XP / Vista x86Yes~70 samples

I will try to regularly update it if any new samples are added on the repository.


In this blog, I briefly notified you about some memory dumps that you can download and hone your memory forensic analysis skills.

~ Cya till the Next One