Volatility is a complete set of open-source tools for advanced memory forensics analysis. It works best on 32-bit Windows machines. Once we have the memory image of the compromised system, we can use Volatility to perform the investigation. For download and installation, follow this link: https://www.volatilesystems.com/default/volatility

Another aspect of this tool is that it can be used to hunt malware hidden in memory.