Memory Forensics with Volatility — WinXP SP2 Dump Analysis

Full walkthrough of a Windows XP SP2 memory dump using Volatility 2.6.1 — 14 plugins covering process enumeration, hidden process detection, network connections, registry artifacts, kernel modules, and live memory inspection via volshell.