Recovering clipboard content and plaintext passwords with Volatility
Well, hello guys. I am back after a long time. Today I am here to share a little about the Volatility tool, including recovering clipboard content and plaintext passwords from the memory dump of any system.
So, let’s get started with how to take the memory dump of the suspect machine. We will do this with FTK Imager. It’s a data preview and imaging tool that lets you quickly assess electronic evidence to determine if further analysis with a forensic tool such as Forensic Toolkit (FTK®) is warranted.
Source and download link: https://www.exterro.com/ftk-imager
After downloading and installing FTK Imager, go to:
FTK Imager→ File → Memory Capture
Now click on Capture Memory to obtain the memory dump.
Next we will look at recovering clipboard content from memory using Volatility on a Kali workstation. You can also download Volatility and use it on Windows (download link: https://www.volatilityfoundation.org/releases).
Volatility is an advanced memory forensics framework and is one of the best open source software programs for analyzing RAM in 32-bit/64-bit systems. It uses KDBG scan or Kernel Debugging Scan (KDBG)