Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/superponible/volatility-plugins
Plugins I've written for Volatility
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/superponible/volatility-plugins
- Owner: superponible
- Created: 2014-03-27T10:29:28.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2023-12-01T09:09:09.000Z (about 1 year ago)
- Last Synced: 2024-08-02T20:44:06.157Z (5 months ago)
- Language: Python
- Size: 61.5 KB
- Stars: 194
- Watchers: 14
- Forks: 52
- Open Issues: 6
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-memory-forensics - apihooksdeep
README
Volatility Plugins
==================

Plugins I've made:
uninstallinfo.py - Dumps HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall from memory
prefetch.py - scan memory for prefetch files and dump filename and timestamps
idxparser.py - scan memory for Java IDX files and extract details
firefoxhistory.py - firefoxhistory, firefoxcookies, and firefoxdownloads plugins to extract the following Firefox history data: moz_places, moz_cookies, and moz_downloads
chromehistory.py - chromehistory, chromevisits, chromesearchterms, chromedownloads, chromedownloadchains, and chromecookies plugins to extract Chrome SQLite artifacts
sqlite_help.py - supporting SQLite functions used in the Firefox and Chrome plugins
trustrecords.py - extract Office TrustRecords registry key information
ssdeepscan.py - like yarascan, but searches for pages matching an ssdeep hash
malfinddeep.py - whitelist code found by malfind based on an ssdeep hash
apihooksdeep.py - whitelist code found by apihooks based on an ssdeep hash