-
I have a malware sample on VMware Workstation 15 and I dumped its RAM using FTK Imager. I know for a fact that a process, `RegAsm.exe` is launched by the malware which has `vbc.exe` as children (exite…
-
Could anyone advise on which profile to use for scanning Winx64 Build 17134.706?
pslist only lists the following:
`C:\****\DumpIt\Thinkpad.raw --profile=Win10x64_10586 pslist
Volatility Foundation Vol…
-
First of all, do not hesitate to rename this issue. It's always hard to find something precise enough without being too long.
The `windows.statistics` plugin is raising `InvalidAddressException` when a…
-
In the Volatility 2 wiki there was a nice example on how to design a framework around Volatility that collects and processes plugin outputs based on the JSON renderer as API ([LINK](https://github.com/…
-
volatility version = Volatility 3 Framework 1.0.0-beta.1
OS used to run Volatility = Linux kali 5.3.0-kali1-amd64 #1 SMP Debian 5.3.7-kali2 (2019-11-04) x86_64 GNU/Linux
Python version = Python 3.7.…
-
Hi,
I used the linux_hidden_modules plugin to find a malicious module that I would like to dump.
```
Offset (V) Name
------------------ ----
0xffffffffa03b2660 module
```
I tried to use…
-
When trying to manually create a Symbol Table from a pdb using the `--file` option, Volatility complains it can't find the file. It seems like it's trying to open an empty string, so the passed-in option s…
-
A few strange things:
1) pspcid and deskthread are False for all
2) a few psscan are False when the pslist is True
```
$ python vol.py -f ~/Documents/Virtual\ Machines.localized/Win2012R2x64.vmware…
```
-
I created a custom profile for openSUSE Leap 15.1 - Kernel 4.12.14-lp151.28.32-default
and dumped the live memory with:
```
VBoxManage debugvm 'openSUSE Leap 15.1' dumpvmcore --filename=dump.ra…
```
noraj updated
5 years ago
-
I've captured a memory image of a test machine, CentOS7 (3.10.0-1062.4.1.el7.x86_64), using LiME 1.9 with the command:
**sudo insmod ./lime.generic.*.ko "path=\to\destinationfolder\ram-image.mem form…