This program allows the user to access a memory dump. It can also act as an add-on to the Volatility Framework (https://github.com/volatilityfoundation/volatility).
The program works similarly to Process Explorer / Hacker, but also allows the user to access a memory dump (or access real-time memory on the computer using Memtriage).
It can run on Windows, Linux and macOS machines, but can only use Windows memory images.

Installation
git clone https://github.com/memoryforensics1/VolExp
cd VolExp
python2 volexp
python2 vol.py -f <memory file path> --profile=<memory profile> volexp
python2 memtriage.py --plugins=volexp
Application snapshots
You will find information about the program here.
You can download the program from here.