0xtejas
commented
2 years ago volatility2 has linux_enumerate_files and linux_find_file to enumerate files and to dump files.
Open garanews opened 2 years ago
0xtejas
commented
2 years ago volatility2 has linux_enumerate_files and linux_find_file to enumerate files and to dump files.
It's been a while since Volatility3 was released. I see there are some plugin for Windows that support the dump of files: memmap malfind modscan modules dlllist psscan vadinfo pslist hivelist
But there is none yet for Linux and Mac. If someone can drive at least the first one, then I suppose the community can follow the procedure and implement the others, what do you think?