-
I know I can create a decrypted image of a drive using the FVEK, but is there a way to get the VMK and recovery key using the FVEK? I know it can be done the other way around (VMK to FVEK), but I don'…
-
FYSA, RECmd has identical `--sync` functionality similar to KAPE, EvtxECmd, and SQLECmd. That being said, the KrollBatch.reb file is no longer being maintained in favor of DFIRBatch.reb, which can be …
-
Nothing shows in Device Manager and drvscan can't detect the DMA board. I've done the BIOS setting.
Before I flashed ekkond wifi this board was a multi audio controller. Now it's gone.
My dma board is xc7a35t …
-
============================== MemProcFS ==============================
- Author: Ulf Frisk - pcileech@frizk.net
- Info: https://github.com/ufrisk/MemProcFS
- License: …
-
### What's the problem?
Both the automatic flarevm script and manual installation of the dcode.vm package fail to download. The installer can still be downloaded with any browser though. I thought t…
-
Hi
I am getting this error:
`Invoke-WebRequest : {
"code": "not_found",
"message": "File with such name does not exist.",
"status": 404
}
At E:\_Tools\MemProcFS-Analyzer-v1.0\MemProcFS-…
-
First of all I would like to say thank you to all the contributors of volatility. This has by far been a fun experience diving into forensics for me!
I have more of a question than an explicit is…
-
Hello. Trying to extract a dump of lsass.exe from a full RAM dump of Windows 2016/2019 Server.
The full RAM dump was made by winpmem.
`winpmem_mini_x64_rc2.exe phizmem.raw`
Search for the PID I need:
`vol -f phiz…
-
Hello Martin! First, thank you for making this project! I came across it somewhat recently and realized what a game-changer this could be. I was excited to try it out, and did, and spent a few nights …
-
I want to write to memory, but I don't know how to do it currently. Is there an example?