mirror of
https://github.com/tldr-pages/tldr.git
synced 2025-07-23 07:55:32 +02:00
volatility3: add page (#16383)
* Create volatility3.md --------- Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com> Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com>
parent
db56ff73aa
commit
f513dcf0c3
1 changed files with 25 additions and 0 deletions
25
pages/windows/vol.py.md
Normal file
|
@ -0,0 +1,25 @@
|
|||
# vol.py
|
||||
|
||||
> Forensics framework used to analyze volatile memory (RAM) dumps.
|
||||
> With volatility3, plugins are now based on operating system. Examples below will use Windows.
|
||||
> More information: <https://volatility3.readthedocs.io/en/latest/index.html>.
|
||||
|
||||
- Get information about a memory dump file:
|
||||
|
||||
`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.info`
|
||||
|
||||
- List active processes:
|
||||
|
||||
`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.pslist`
|
||||
|
||||
- List hashes of users on system:
|
||||
|
||||
`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.hashdump`
|
||||
|
||||
- List active network connections:
|
||||
|
||||
`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.netstat`
|
||||
|
||||
- Display help:
|
||||
|
||||
`python3 vol.py {{[-h|--help]}}`
|
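Review bot: the page is added under `pages/windows/`, but its own description says plugins are split per operating system and that the examples merely use Windows, and every command is run through `python3`; if the tool itself is not Windows-only, `pages/common/` is the better location. The commit message says "Create volatility3.md" while the file is named `vol.py.md`, so settle on one page name. Before merging, also confirm the long option in `{{[-f|--filename]}}` against the output of `python3 vol.py --help`, since the placeholder is repeated in four of the five examples and one wrong spelling would break them all.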