Volatility - Cheat Sheet
- Quick start
https://www.volatilityfoundation.org/releases
Download the Volatility 2.6 Linux Standalone Executables (x64)
unzip volatility_2.6_lin64_standalone.zip
ln -s volatility_2.6_lin64_standalone/volatility_2.6_lin64_standalone vol26
./vol26 -h
Volatility Foundation Volatility Framework 2.6
ERROR : volatility.debug : You must specify something to do (try -h)
- Installation
pip install volatility3-2.4.1-py3-none-any.whl
- ImageInfo
./vol26 -f [ImageName] imageinfo
vol -f [ImageName] windows.info.Info
From here on I will stick with Volatility 3.
- Plugin arguments
vol -f [ImageName] plugin -h
- Process list
vol -f [ImageName] windows.pslist.PsList
- DLLs associated with a process
vol -f [ImageName] windows.dlllist.DllList --pid [ProcessNumber]
- Registry
vol -f [ImageName] windows.registry.hivelist
- Windows password hashes
vol -f [ImageName] windows.hashdump.Hashdump
- Windows connections
vol -f [ImageName] windows.netstat