vol.py -f /Scenarios/Investigations/Investigation-1.vmem -o /home windows.memmap.Memmap --pid 1640 --dump
strings pid.1640.dmp | grep -i "user-agent"
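The `strings | grep` step above only reports ASCII runs; Windows user-mode memory frequently holds the same HTTP headers as UTF-16LE, which `strings` only finds with `-el`. The following Python script is an added example, not part of the original write-up: it scans a dumped process image for a marker in both encodings and returns the full printable run around each hit. SAMPLE_DUMP is a constructed buffer standing in for pid.1640.dmp, and `find_marker` and its helpers are hypothetical names.

```python
"""Search a dumped process image for a marker in ASCII and UTF-16LE.

Added example, not part of the original write-up. SAMPLE_DUMP is a
constructed buffer standing in for the pid.1640.dmp written by
windows.memmap --dump; find_marker() is a hypothetical helper name.
"""
import re
import sys
from pathlib import Path

PRINTABLE = frozenset(range(0x20, 0x7F))  # the range GNU strings treats as printable


def _utf16le_ci_pattern(needle: str) -> bytes:
    """Build a case-insensitive byte regex for an ASCII needle encoded as UTF-16LE."""
    parts = []
    for ch in needle:
        lo, up = ch.lower(), ch.upper()
        if lo != up:
            parts.append(b"[" + re.escape(lo.encode("ascii")) + re.escape(up.encode("ascii")) + b"]\x00")
        else:
            parts.append(re.escape(ch.encode("ascii")) + b"\x00")
    return b"".join(parts)


def _expand_ascii(buf: bytes, start: int, end: int) -> tuple[int, str]:
    """Grow [start, end) over the surrounding run of printable ASCII bytes."""
    while start > 0 and buf[start - 1] in PRINTABLE:
        start -= 1
    while end < len(buf) and buf[end] in PRINTABLE:
        end += 1
    return start, buf[start:end].decode("ascii")


def _expand_utf16le(buf: bytes, start: int, end: int) -> tuple[int, str]:
    """Grow [start, end) over the surrounding run of printable UTF-16LE code units."""
    while start >= 2 and buf[start - 2] in PRINTABLE and buf[start - 1] == 0:
        start -= 2
    while end + 1 < len(buf) and buf[end] in PRINTABLE and buf[end + 1] == 0:
        end += 2
    return start, buf[start:end].decode("utf-16-le")


def find_marker(buf: bytes, needle: str = "User-Agent") -> list[tuple[int, str, str]]:
    """Return (offset, encoding, printable string) for every hit, ordered by offset."""
    hits = set()
    for m in re.finditer(re.escape(needle.encode("ascii")), buf, re.IGNORECASE):
        start, text = _expand_ascii(buf, m.start(), m.end())
        hits.add((start, "ascii", text))
    for m in re.finditer(_utf16le_ci_pattern(needle), buf):
        start, text = _expand_utf16le(buf, m.start(), m.end())
        hits.add((start, "utf-16le", text))
    return sorted(hits)


# Constructed sample: an ASCII HTTP request followed by a UTF-16LE copy of a
# different User-Agent value, padded with non-printable bytes on both sides.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
    + b"\x90" * 8
    + "user-agent: Example/1.0".encode("utf-16-le")
    + b"\x00" * 16
)

if __name__ == "__main__":
    # Usage: python3 find_marker.py pid.1640.dmp   (falls back to SAMPLE_DUMP)
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_DUMP
    for offset, encoding, text in find_marker(data):
        print(f"{offset:#010x}  {encoding:8}  {text}")
```

The two searches are kept separate on purpose: an ASCII hit can never sit inside a UTF-16LE run (the interleaved NULs break the byte sequence), so each hit is reported once with the encoding it was found in, which is what you need when deciding whether a string came from a C-string buffer or a Windows wide-string API.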
vol -f /Scenarios/Investigations/Investigation-2.raw windows.dlllist.DllList --pid 740
PID	PPID	ImageFileName	Offset(V)	Threads	Handles	SessionId	Wow64	CreateTime	ExitTime	File output
1484	1464	explorer.exe	0x821dea70	17	415	0	False	2012-07-22 02:42:36.000000	N/A	Disabled
1512	652	spoolsv.exe	0x81eb17b8	14	113	0	False	2012-07-22 02:42:36.000000	N/A	Disabled
1640	1484	reader_sl.exe	0x81e7bda0	5	39	0	False	2012-07-22 02:42:36.000000	N/A	Disabled
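The rows above are what the rest of the walkthrough keys on: reader_sl.exe (PID 1640) was started by explorer.exe (PID 1484), which is why 1640 is the process whose memory gets dumped. The Python script below is an added example, not part of the original write-up: it parses Volatility 3's pslist text output into a process tree so that parent chains can be computed rather than read off by eye. PSLIST_OUTPUT repeats the three rows from the page in Volatility 3's tab-separated quick-renderer layout (sample data, constructed here), and `parse_pslist`, `ancestry` and `children` are hypothetical helper names.

```python
"""Parse Volatility 3 windows.pslist text output into a process tree.

Added example, not part of the original write-up. PSLIST_OUTPUT carries the
three rows shown on the page in Volatility 3's tab-separated layout;
parse_pslist(), ancestry() and children() are hypothetical helper names.
"""
import re
import sys
from dataclasses import dataclass

# Constructed sample in the shape of `vol -f image.vmem windows.pslist` output.
PSLIST_OUTPUT = """\
Volatility 3 Framework 1.0.1
Progress:  100.00\t\tPDB scanning finished
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output
1484\t1464\texplorer.exe\t0x821dea70\t17\t415\t0\tFalse\t2012-07-22 02:42:36.000000\tN/A\tDisabled
1512\t652\tspoolsv.exe\t0x81eb17b8\t14\t113\t0\tFalse\t2012-07-22 02:42:36.000000\tN/A\tDisabled
1640\t1484\treader_sl.exe\t0x81e7bda0\t5\t39\t0\tFalse\t2012-07-22 02:42:36.000000\tN/A\tDisabled
"""

# One pslist row; CreateTime/ExitTime contain a space, so they are matched
# explicitly instead of splitting the line on whitespace.
ROW_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<ppid>\d+)\s+(?P<name>\S+)\s+(?P<offset>0x[0-9a-fA-F]+)\s+"
    r"(?P<threads>\d+)\s+(?P<handles>\d+)\s+(?P<session>\S+)\s+(?P<wow64>True|False)\s+"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<exited>N/A|\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)"
)


@dataclass(frozen=True)
class Process:
    pid: int
    ppid: int
    name: str
    offset: int
    threads: int
    handles: int
    created: str
    exited: str


def parse_pslist(text: str) -> dict[int, Process]:
    """Return {pid: Process}; banner, progress and header lines are skipped."""
    procs: dict[int, Process] = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        p = Process(
            pid=int(m["pid"]), ppid=int(m["ppid"]), name=m["name"],
            offset=int(m["offset"], 16), threads=int(m["threads"]),
            handles=int(m["handles"]), created=m["created"], exited=m["exited"],
        )
        procs[p.pid] = p
    return procs


def ancestry(procs: dict[int, Process], pid: int) -> list[str]:
    """Image names from pid up to the last parent present in the listing."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:  # `seen` guards against PID reuse loops
        seen.add(pid)
        chain.append(procs[pid].name)
        pid = procs[pid].ppid
    return chain


def children(procs: dict[int, Process], ppid: int) -> list[Process]:
    """Direct children of ppid, ordered by PID."""
    return sorted((p for p in procs.values() if p.ppid == ppid), key=lambda p: p.pid)


if __name__ == "__main__":
    # Usage: vol -f image.vmem windows.pslist | python3 pstree_from_pslist.py
    text = sys.stdin.read() if not sys.stdin.isatty() else PSLIST_OUTPUT
    procs = parse_pslist(text)
    for p in sorted(procs.values(), key=lambda p: p.pid):
        print(f"{p.pid:>6}  {' <- '.join(ancestry(procs, p.pid))}")
```

For PID 1640 the chain stops at explorer.exe because its parent, 1464, is not among the sample rows; on a full pslist it would continue up to System. A parent that is absent from the listing altogether is itself worth noting, since it can mean the parent has exited or was hidden, and the same data is what windows.pstree renders.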
thmanalyst@ubuntu:/home$ cd /opt
thmanalyst@ubuntu:/opt$ ls
volatility3
thmanalyst@ubuntu:/opt$ cd volatility3/
thmanalyst@ubuntu:/opt/volatility3$ ls
development dump.raw LICENSE.txt mypy.ini setup.py vol.py volshell.spec
doc dump.vmem MANIFEST.in README.md volatility3 volshell.py vol.spec
thmanalyst@ubuntu:/opt/volatility3$ vol -f /Scenarios/Investigations/Investigation-1.vmem windows.info
Volatility 3 Framework 1.0.1
Progress:  100.00		PDB scanning finished
Variable	Value

Kernel Base	0x804d7000
DTB	0x2fe000
Symbols	file:///opt/volatility3/volatility3/symbols/windows/ntkrnlpa.pdb/30B5FB31AE7E4ACAABA750AA241FF331-1.json.xz
Is64Bit	False
IsPAE	True
primary	0 WindowsIntelPAE
memory_layer	1 FileLayer
KdDebuggerDataBlock	0x80545ae0
NTBuildLab	2600.xpsp.080413-2111
CSDVersion	3
KdVersionBlock	0x80545ab8
Major/Minor	15.2600
MachineType	332
KeNumberProcessors	1
SystemTime	2012-07-22 02:45:08
NtSystemRoot	C:\WINDOWS
NtProductType	NtProductWinNt