qwhai / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

Host images for the CommandReference examples #179

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hiya,

Just had a request from a user, asking if the spyeye.vmem file from the 
CommandReference wiki page was available.  Is there any chance that we could 
host the images that we use with CommandReference, so that people can see what 
it does and how to work through the output in a kind of a hands-on way?

I realize that producing/maintaining publicly available images has many 
complications, but if it's doable it seemed like a good idea.  Let me know your 
thoughts, on here or by email.  Thanks...  5:)

Original issue reported on code.google.com by mike.auty@gmail.com on 18 Jan 2012 at 7:08

GoogleCodeExporter commented 9 years ago
The ones used for MHL's stuff are available online.  At least I think they all 
are.  I have been meaning to create some images, but maybe we could (in the 
meantime) just rewrite sections of the CommandReference to use those images 
that are already publicly available?

Original comment by jamie.l...@gmail.com on 18 Jan 2012 at 7:11

GoogleCodeExporter commented 9 years ago
Yep, definitely!  5:)

The easiest ones I'm aware of are NIST's, but they're all xpsp2, so no good for 
connscan etc.  If MHL's are available, it'd be great to add a link to them for 
each command that uses them...  5:)

Original comment by mike.auty@gmail.com on 18 Jan 2012 at 7:13

GoogleCodeExporter commented 9 years ago
We have a link to other public images on the FAQ:

http://code.google.com/p/volatility/wiki/FAQ#Are_there_any_public_memory_samples_available_that_I_can_use_for

The NPS 2009-M57 images might be good to use.  It contains Vista samples in 
addition to XP.

Original comment by jamie.l...@gmail.com on 18 Jan 2012 at 7:16

GoogleCodeExporter commented 9 years ago
Awesome, thanks Jamie, that sounds brilliant!  5:)

I don't think there's a rush or anything (it's definitely low priority), but 
just might make things a bit easier for people to use if people can play along 
at home with our examples.  5;)

Original comment by mike.auty@gmail.com on 18 Jan 2012 at 7:21

GoogleCodeExporter commented 9 years ago
I just uploaded spyeye.vmem and will link to it from our FAQ. I'll try not to 
reference non-public images in the command reference from now on, but sometimes 
it's still useful to show examples of plugins without providing a >= 512 MB 
memory image for each case. In times when the memory dump is sensitive or 
there's just not enough space in repositories to store them all, we can also 
provide malware samples upon request and people can create their own memory 
dumps (or they can also just find variants of the malware on Offensive 
Computing or various other malware feeds). 

Original comment by michael.hale@gmail.com on 2 Feb 2012 at 6:30