Volatility has become the de-facto standard for analysing memory images captured as part of forensic investigations. Volatility2.6 was the dominant version throughout the industry until the release of Volatility3 (official in 2019) in 2021. The development team has pushed forward to rapidly develop additional features and plugins (the means of extracting evidence).
The following GitHub page provides all of the installation instructions as well as the array of Symbol Tables.
https://github.com/volatilityfoundation/volatility3
Symbol Tables in Volatility3 are what Volatility2.6 called Profiles. Both are identifiable files which match the unique attributes of each operating system as embedded in memory. Many symbol tables have been created by contributors. Symbol table zip files must be placed, as named, into the volatility3/symbols directory (or just the symbols directory next to the executable file). If you do need to create your own, you will need to install dwarf2json.
Plugins are methods of extracting specific types of evidence from memory images. The wide variety of plugins makes it possible to extract evidence for countless purposes and to identify particular types of activity; examples, depending on the operating system type, include windows.registry.hivelist.HiveList, mac.check_trap_table.Check_trap_table and linux.tty_check.tty_check.
Volatility3 is very simple to execute: provide the vol.py script, the -f switch/flag, the memory image file and the relevant plugin to extract the desired information.
Windows:
PLUGIN="windows.info.Info"
macOS:
PLUGIN="mac.list_files.List_Files"
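The invocation form described above (vol.py -f <image> <plugin>), wrapped in an added example script that is not part of the Volatility project: it runs a per-OS set of plugins against one image, saves each plugin's output to a file, and hashes the image before and after so the evidence can be shown to be unchanged. VOL_PY, the evidence paths and the output directory are assumptions; sha256sum is assumed to be available (on macOS use shasum -a 256).

```shell
#!/bin/sh
# Added example (not from the Volatility project): batch-run Volatility3 plugins
# against one memory image. Assumes the image's symbol table is already installed
# under volatility3/symbols, and that VOL_PY names vol.py (e.g. "python3 /opt/volatility3/vol.py").

VOL_PY="${VOL_PY:-vol.py}"   # assumption: how vol.py is invoked on this host

# First-pass plugins for each OS family (plugin names from the Volatility3 plugin set).
plugins_for_os() {
    case "$1" in
        windows) printf '%s\n' windows.info.Info windows.pslist.PsList windows.registry.hivelist.HiveList ;;
        mac)     printf '%s\n' mac.list_files.List_Files mac.check_trap_table.Check_trap_table ;;
        linux)   printf '%s\n' linux.tty_check.tty_check ;;
        *)       echo "unknown OS family: $1" >&2; return 1 ;;
    esac
}

# The command line described above: vol.py -f <image> <plugin>
build_cmd() {
    printf '%s -f %s %s' "$VOL_PY" "$2" "$1"
}

# SHA-256 of the image; recorded before and after analysis as an integrity check.
image_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# run_plugins <windows|mac|linux> <image> <outdir>
run_plugins() {
    os="$1"; image="$2"; outdir="$3"
    mkdir -p "$outdir"
    image_sha256 "$image" > "$outdir/image.sha256.before"
    plugins_for_os "$os" | while read -r plugin; do
        echo "running $plugin" >&2
        # $VOL_PY is deliberately unquoted so it may carry an interpreter prefix.
        $VOL_PY -f "$image" "$plugin" > "$outdir/$plugin.txt" 2> "$outdir/$plugin.err" \
            || echo "$plugin failed (see $outdir/$plugin.err)" >&2
    done
    image_sha256 "$image" > "$outdir/image.sha256.after"
    cmp -s "$outdir/image.sha256.before" "$outdir/image.sha256.after" \
        && echo "image unchanged during analysis" >&2
}

# Usage (placeholder paths): run_plugins windows /evidence/mem.raw /evidence/out
```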