mirror of https://github.com/tldr-pages/tldr.git synced 2025-06-07 23:46:02 +02:00
tldr/pages/windows/vol.py.md
Denominator f513dcf0c3
volatility3: add page (#16383)
* Create volatility3.md

---------

Co-authored-by: Sebastiaan Speck <12570668+sebastiaanspeck@users.noreply.github.com>
Co-authored-by: Fazle Arefin <fazlearefin@users.noreply.github.com>
2025-05-21 14:04:59 +10:00

# vol.py

> Forensics framework for analyzing volatile memory (RAM) dumps. In volatility3, plugins are namespaced by operating system; the examples below use the `windows.` plugins.
> More information: <https://volatility3.readthedocs.io/en/latest/index.html>.

- Get information about a memory dump file (OS build, symbol table, layers):

`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.info`

- List the active processes:

`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.pslist`

- Dump the password hashes of local user accounts:

`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.hashdump`

- List active network connections:

`python3 vol.py {{[-f|--filename]}} {{path/to/memory_dump_file}} windows.netstat`

- Display help:

`python3 vol.py {{[-h|--help]}}`
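A triage script, added here as an example (it is not part of the tldr page or of the Volatility project), that runs the four Windows plugins above against one image, keeps each plugin's output and stderr in its own file, logs the exact command lines for reproducibility, and hashes the image before and after so the run can be shown to have left the evidence unchanged. It assumes volatility3 is invoked as on this page (`python3 vol.py`, overridable through the `VOL` variable), that `sha256sum` is available, and an evidence-directory layout of my own choosing.

```shell
#!/bin/sh
# Added triage example; VOL and the evidence-directory layout are assumptions.
set -eu

VOL="${VOL:-python3 vol.py}"   # how the tldr page invokes volatility3

# Build the command line for one plugin against an image (recorded in the
# evidence directory so the run can be reproduced); prints the exact string.
vol_cmd() {
    printf '%s -f %s %s' "$VOL" "$1" "$2"
}

# Compare two hex digests; succeeds only when they are identical.
same_digest() {
    [ "$1" = "$2" ]
}

# Run the baseline Windows plugins against IMAGE, one output file per plugin,
# and hash the image before and after the analysis.
triage() {
    image="$1"
    outdir="$2"
    mkdir -p "$outdir"
    before=$(sha256sum "$image" | cut -d' ' -f1)
    printf '%s  %s\n' "$before" "$image" > "$outdir/image.sha256"
    for plugin in windows.info windows.pslist windows.netstat windows.hashdump; do
        vol_cmd "$image" "$plugin" >> "$outdir/commands.log"
        echo >> "$outdir/commands.log"
        # A plugin that fails (e.g. no symbol table for this build) must not
        # abort the rest; its stderr is kept for the report. $VOL is left
        # unquoted on purpose so "python3 vol.py" splits into two words.
        if $VOL -f "$image" "$plugin" > "$outdir/$plugin.txt" 2> "$outdir/$plugin.err"; then
            echo "ok   $plugin"
        else
            echo "FAIL $plugin (see $outdir/$plugin.err)"
        fi
    done
    after=$(sha256sum "$image" | cut -d' ' -f1)
    if ! same_digest "$before" "$after"; then
        echo "image digest changed during analysis; treat results as suspect" >&2
        return 1
    fi
}

# Usage: sh triage.sh path/to/memory_dump_file [evidence_dir]
if [ -n "${1:-}" ]; then
    triage "$1" "${2:-evidence-$(date +%Y%m%dT%H%M%S)}"
fi
```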