To omit the profile and memory dump location from every command, export them as environment variables:
1)
$ export VOLATILITY_PROFILE=Win7SP1x64
$ export VOLATILITY_LOCATION=file:///path/to/MEMORY.DMP
$ python vol.py imageinfo
The connections, connscan, sockets and sockscan plugins are for Windows XP/2003 only.
Use the netscan plugin for anything Vista/2008/Win7.
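Added example (not from the original post): a small shell helper that picks the network plugins from the exported profile and prints the vol.py commands to run, with no --profile or -f because Volatility 2 reads both variables. The function names net_plugins and net_commands are hypothetical, and only the Windows families named above are mapped.

```shell
#!/bin/sh
# Added example. Profile-name prefixes follow Volatility 2 naming
# (e.g. WinXPSP2x86, Win2003SP1x86, VistaSP1x86, Win2008R2SP1x64, Win7SP1x64).

# Print the network plugins that apply to a profile, one per line.
net_plugins() {
    case "$1" in
        WinXP*|Win2003*)
            printf '%s\n' connections connscan sockets sockscan ;;
        Vista*|Win2008*|Win7*)
            printf '%s\n' netscan ;;
        *)
            # Anything else is outside what this note covers.
            echo "no network plugin mapping for profile: $1" >&2
            return 1 ;;
    esac
}

# Print one vol.py command per applicable plugin.
# Refuses to continue if either variable is missing, since the
# commands rely on Volatility picking them up from the environment.
net_commands() {
    if [ -z "${VOLATILITY_PROFILE:-}" ] || [ -z "${VOLATILITY_LOCATION:-}" ]; then
        echo "export VOLATILITY_PROFILE and VOLATILITY_LOCATION first" >&2
        return 2
    fi
    plugins=$(net_plugins "$VOLATILITY_PROFILE") || return 1
    for p in $plugins; do
        echo "python vol.py $p"
    done
}

# Demo in a subshell so the caller's environment is left untouched.
# The path is the placeholder used above, not a real image.
(
    export VOLATILITY_PROFILE=Win7SP1x64
    export VOLATILITY_LOCATION=file:///path/to/MEMORY.DMP
    net_commands
)
```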
Ref:
1) http://kromer.pl/malware-analysis/memory-forensics-using-volatility-toolkit-to-extract-malware-samples-from-memory-dump/