Nullcon Goa

Modern Memory Forensics for Linux & Windows


Course

Rajesh Kumar Natarajan and Srinivasan Govindarajan present a framework that combines Volatility 3 and RAG to simplify memory forensics, enrich artifacts with threat intelligence and generate accurate insights for faster detection of advanced threats.

Memory forensics is essential for investigating advanced threats like fileless malware and kernel-level rootkits, yet analyzing raw memory remains complex and resource-intensive. This session introduces a scalable framework that integrates Volatility 3 with Retrieval-Augmented Generation to simplify and accelerate memory analysis across Linux and Windows systems while minimizing LLM hallucinations.

In this session, you will gain insights into:

  • Leveraging Volatility 3 to extract and structure critical memory artifacts such as processes, memory regions and network activity;
  • Enriching artifacts with threat intelligence, behavioral context and real-world IOCs from controlled malware analysis;
  • Using a RAG-powered pipeline to enable accurate, context-aware insights without retraining models, improving efficiency in threat detection and investigation. 

Here is the course outline:

Volatility Meets AI: Transforming Linux and Windows Memory Forensics for Modern Threats

Completion

The following certificates are awarded when the course is completed:

CPE Credit Certificate
