This document summarizes Linux memory analysis capabilities in the Volatility framework. It discusses general plugins that recover process, network, and system information from Linux memory images. It also describes techniques for detecting rootkits by leveraging kmem_cache structures and recovering hidden processes. Additionally, it covers analyzing live CDs by recovering the in-memory filesystem and analyzing Android memory images at both the kernel and Dalvik virtual machine levels.