tking2 / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

There is no malfind in 2.0 #286

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi, there is no malfind in Volatility 2.0.

http://code.google.com/p/volatility/wiki/CommandReference#malfind

$ vol.py -f memdump.raw malfind -p 1048 -D hidden_dumps/
Volatile Systems Volatility Framework 2.0
Usage: Volatility - A memory forensics analysis platform.

vol.py: error: no such option: -p

$ vol.py -f memdump.raw malfind
Volatile Systems Volatility Framework 2.0
ERROR   : __main__            : You must specify something to do (try -h)

$ vol.py -h | grep -i malfind

Original issue reported on code.google.com by azi...@gmail.com on 1 Jul 2012 at 7:31

GoogleCodeExporter commented 9 years ago
Looks like there aren't any from:

Malware and Rootkits
    malfind
    svcscan
    ldrmodules
    impscan
    apihooks
    idt
    gdt
    threads
    callbacks
    driverirp
    devicetree
    psxview
    ssdt_ex
    timers

Original comment by azi...@gmail.com on 1 Jul 2012 at 7:32

GoogleCodeExporter commented 9 years ago
For now you need to check out trunk from svn. You can see them here:

http://code.google.com/p/volatility/source/browse/#svn%2Ftrunk%2Fvolatility%2Fplugins%2Fmalware

Original comment by atc...@gmail.com on 1 Jul 2012 at 8:16

GoogleCodeExporter commented 9 years ago
If you're using volatility 2.0 see 

http://code.google.com/p/volatility/wiki/CommandReference#Malware_and_Rootkits

"Although all Volatility commands can help you hunt malware in one way or 
another, there are a few designed specifically for hunting rootkits and 
malicious code. The most comprehensive documentation for these commands can be 
found in the Malware Analyst's Cookbook and DVD: Tools and Techniques For 
Fighting Malicious Code. The following malware plugins are available in the 
malware.py plugin file in the Malware Cookbook SVN. Place the malware.py file 
into the "volatility/plugins" directory to install."

Or the FAQ: 
http://code.google.com/p/volatility/wiki/FAQ#Where_do_I_find_the_"malware"_plugins

If you're using the volatility 2.1 branch in svn as @atcuno stated above, then 
the malware/rootkit plugins are included already and no need to download them 
separately. 

Original comment by michael.hale@gmail.com on 2 Jul 2012 at 2:40
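The install step quoted from the wiki above (drop malware.py into volatility/plugins, then confirm the plugin shows up in "vol.py -h") as a small POSIX shell script. This is an added example and not code from the thread or from the Volatility project. It assumes you pass the path to vol.py as the first argument and a local copy of malware.py (already fetched from the Malware Cookbook SVN) as the second, and that the plugin directory sits beside vol.py at volatility/plugins, which is where a 2.0 source checkout keeps it.

```shell
#!/bin/sh
# Added example: detect whether the Volatility 2.0 install at $1 already lists
# malfind, and if not install malware.py ($2) into volatility/plugins and re-check.
# Assumptions (not from the thread): vol.py lives at the root of the checkout and
# the plugin directory is <checkout>/volatility/plugins.

# Return 0 if the given vol.py lists the malfind plugin in its help output.
# On a stock 2.0 release this grep finds nothing, which is the symptom in the issue.
plugin_listed() {
    vol="$1"
    "$vol" -h 2>&1 | grep -qi 'malfind'
}

# Copy malware.py into the plugins directory next to vol.py (the wiki's install step).
# Fails if the expected plugin directory does not exist, so a bad path is caught
# before anything is written.
install_malware_plugin() {
    vol="$1"
    src="$2"
    plugdir="$(dirname "$vol")/volatility/plugins"
    [ -d "$plugdir" ] || { echo "no plugin dir at $plugdir" >&2; return 1; }
    cp "$src" "$plugdir/malware.py"
}

# Install only when needed, then verify the plugin is actually picked up.
# Returns 0 only if malfind is listed afterwards.
ensure_malfind() {
    vol="$1"
    src="$2"
    if plugin_listed "$vol"; then
        echo "malfind already available in $vol"
        return 0
    fi
    install_malware_plugin "$vol" "$src" || return 1
    if plugin_listed "$vol"; then
        echo "malware.py installed; malfind now listed by $vol"
    else
        echo "malware.py copied but malfind still not listed; check the plugin dir" >&2
        return 1
    fi
}

# Usage: ./ensure_malfind.sh /path/to/vol.py /path/to/malware.py
if [ "$#" -ge 2 ]; then
    ensure_malfind "$1" "$2"
fi
```

The second check after the copy matters: if the file lands in the wrong directory (for example a packaged install whose plugins live elsewhere), "cp" succeeds but "vol.py -h" still will not show malfind, and the script reports that instead of claiming success.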