🔐
oneforall
  • Welcome
  • ETHICAL HACKING METHODOLOGY / USUAL AND USEFUL TOOLS
    • Reconnaissance
      • Overview
    • Enumeration
      • Scanning
      • Ports
    • Exploitation
    • Post-exploitation
      • Password cracking
      • File transfers
      • Maintaining access
      • Pivoting
      • Cleaning up & Covering tracks
  • Active Directory
    • Basics
    • Attack vectors
      • Network poisoning
      • SMB services
      • LDAP
      • OSINT
    • Post-compromise
      • Enumeration
        • PowerView
        • Bloodhound
      • Attacks
        • Pass the hash / password
        • Token impersonation
        • Kerberoasting
        • GPP / cPassword
        • Mimikatz
  • WEB
    • TOP 10 OWASP
  • WEB SERVER
    • SQL Injection
    • Authentication
    • OS injection
    • CSRF
  • WIRELESS
    • WPA2 PSK
  • FORENSIC
    • Radare2
    • Obtaining Memory Samples
    • Volatility
    • USB forensic
  • EXPLOIT DEVELOPMENT
    • Buffer Overflow
  • SCRIPTING AND PL
    • HTML
    • C basics
    • Python
      • Libraries & hacking usages
    • Bash basics
      • Hacking usages
    • Powershell basics
    • PHP
  • NETWORK SECURITY
    • Network reminders
    • CCNAv7
      • LAN security concepts
      • Switch security configuration
    • Wireshark
  • MISC
    • VIM basics
    • Metasploit Cheatsheet
    • Common ports & protocols
    • Tmux Cheatsheet
    • Linux reminders
  • STEGANOGRAPHY
    • Steganography
  • Privilege Escalation
    • Linux
    • Windows
  • CRYPTO
    • Encryption
    • Hashing
    • RSA
      • Tools
      • Factorisarion
Powered by GitBook
On this page
  • Command reference
  • Basics
  • What type of dump am I going to analyze ?
  • Which process are running ?
  • List open TCP/UDP connections
  • What commands were lastly run on the computer ?
  • Dump processes exe and memory
  • Hive and Registry key values

Was this helpful?

  1. FORENSIC

Volatility

An advanced memory forensics framework...

PreviousObtaining Memory SamplesNextUSB forensic

Last updated 5 years ago

Was this helpful?

Command reference

Basics

What type of dump am I going to analyze ?

$ volatility -f MyDump.dmp imageinfo

Which process are running ?

$ volatility -f MyDump.dmp --profile=MyProfile pslist
$ volatility -f MyDump.dmp --profile=MyProfile pstree
$ volatility -f MyDump.dmp --profile=MyProfile psxview

List open TCP/UDP connections

$ volatility -f MyDump.dmp --profile=MyProfile connscan
$ volatility -f MyDump.dmp --profile=MyProfile sockets
$ volatility -f MyDump.dmp --profile=MyProfile netscan

What commands were lastly run on the computer ?

$ volatility -f MyDump.dmp --profile=MyProfile cmdline
$ volatility -f MyDump.dmp --profile=MyProfile consoles
$ volatility -f MyDump.dmp --profile=MyProfile cmdscan

Dump processes exe and memory

$ volatility -f MyDump.dmp --profile=MyProfile procdump -p MyPid --dump-dir .
$ volatility -f MyDump.dmp --profile=MyProfile memdump -p MyPid --dump-dir .

Hive and Registry key values

$ volatility -f MyDump.dmp --profile=MyProfile hivelist
$ volatility -f MyDump.dmp --profile=MyProfile printkey -K "MyPath"
Command Reference · volatilityfoundation/volatility WikiGitHub
Logo