Ecosyste.ms: Awesome
https://github.com/forensicxlab/volatility3_plugins
- Host: GitHub
- URL: https://github.com/forensicxlab/volatility3_plugins
- Owner: forensicxlab
- Created: 2022-07-24T19:14:46.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-07-23T20:39:30.000Z (6 months ago)
- Last Synced: 2024-08-02T20:44:04.651Z (5 months ago)
- Language: Python
- Size: 39.1 KB
- Stars: 21
- Watchers: 1
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-memory-forensics - Linux - Inodes
README
# About
This repository contains plugins and translation layers for the volatility3 memory forensics framework.
# Windows plugins
## Prefetch
The plugin scans for, extracts and parses Windows Prefetch files from Windows XP through Windows 11.
More information here: https://www.forensicxlab.com/posts/prefetch/
## AnyDesk
The plugin scans for, extracts and parses Windows AnyDesk trace files.
More information here: https://www.forensicxlab.com/posts/anydesk/
## KeePass
The plugin scans the KeePass process memory for potential password recovery following CVE-2023-32784.
More information here: https://www.forensicxlab.com/posts/keepass/
## Hibernation
The layer and plugins add support for converting hiberfil.sys into a raw memory image within the volatility3 framework.
Pull request: https://github.com/volatilityfoundation/volatility3/pull/1036
More information here: https://www.forensicxlab.com/posts/hibernation/
## Import Address Table (IAT)
The plugin carves the Import Address Table from a PE image, revealing the functions it imports and therefore the capabilities of a potentially malicious process.
Pull request: https://github.com/volatilityfoundation/volatility3/pull/1063
More information here: https://www.forensicxlab.com/posts/voliat/
## Alternate Data Streams (ADS)
The plugin carves Alternate Data Streams from the MFT.
Pull request: https://github.com/volatilityfoundation/volatility3/pull/1063
More information here: https://www.forensicxlab.com/posts/volads/
# Linux plugins
## Inodes
The plugin is an extended version of the lsof plugin that also extracts inode metadata for each open file.
More information here: https://www.forensicxlab.com/posts/inodes/
Pull request: https://github.com/volatilityfoundation/volatility3/pull/1213
# Translation layers
## Remote analysis on cloud object storage
More information here: https://www.forensicxlab.com/posts/vols3/
Pull request: https://github.com/volatilityfoundation/volatility3/pull/1044