# Volatility
* [Cheat sheet](https://downloads.volatilityfoundation.org/releases/2.4/CheatSheet_v2.4.pdf)
* [Hacktricks sheet](https://book.hacktricks.xyz/forensics/volatility-examples)

* Basic info: find the OS profile
```sh
volatility -f <file.iso> imageinfo
volatility -f <file.iso> kdbgscan
```
* Process list
```sh
volatility -f <file.iso> --profile <OSprofile> pslist
```
* List DLLs
```sh
volatility -f <file.iso> --profile <OSprofile> dlllist -p <PID>
```
* Last accessed directories
```sh
volatility -f <file.iso> --profile <OSprofile> shellbags
```
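
The commands above chain together: `imageinfo` suggests the profile that every later command needs in `--profile`. The script below is an added example, not part of the original cheat sheet; it assumes Volatility 2 is on `PATH` as `volatility`, and the function names `first_profile` and `triage` are hypothetical.

```sh
#!/bin/sh
# Added example: first-pass triage built from the commands in this cheat sheet.
# Assumes Volatility 2 is installed as `volatility`; function names are hypothetical.

# Read imageinfo output on stdin and print the first suggested profile.
# Handles the "(Instantiated with ...)" suffix and fails when the line is
# missing or carries no usable profile name (e.g. "No suggestion").
first_profile() {
    profile=$(sed -n 's/^.*Suggested Profile(s) *: *//p' | head -n 1 |
        sed 's/ *(Instantiated.*$//' | cut -d, -f1 | tr -d ' ')
    case "$profile" in
        ''|Nosuggestion|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    printf '%s\n' "$profile"
}

# Run the cheat-sheet commands in order against one image; PID is optional.
triage() {
    image=$1
    pid=${2:-}
    profile=$(volatility -f "$image" imageinfo 2>/dev/null | first_profile) || {
        echo "no profile suggested; try: volatility -f $image kdbgscan" >&2
        return 1
    }
    echo "[*] using profile $profile" >&2
    volatility -f "$image" --profile "$profile" pslist
    if [ -n "$pid" ]; then
        volatility -f "$image" --profile "$profile" dlllist -p "$pid"
    fi
    volatility -f "$image" --profile "$profile" shellbags
}

# Usage: sh triage.sh <image> [PID]
if [ "$#" -gt 0 ]; then
    triage "$@"
fi
```

The first suggestion is only a starting point: if `pslist` comes back empty or garbled, rerun with another profile from the suggested list.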
## Plugins

* For example:
  * `truecryptpassphrase`
  * `cmdscan`, command history
  * `shutdowntime`