652 B

Raw Blame History

Volatility

Cheat sheet
Hacktricks shee
Basic Info, find OS profile

volatility -f <file.iso> imageinfo
volatility -f <file.iso> kdbgscan

Process list

volatility -f <file.iso> --profile <OSprofile> pslist

List dlls

volatility -f <file.iso> --profile <OSprofile> dlllist -p <PID>

Last accessed dir

volatility -f <file.iso> --profile <OSprofile> shellbags

Plugins

For example
- Truecryptpassphrase
- cmdscan, command history
- shutdowntime