Volatility: Difference between revisions
No edit summary |
No edit summary |
||
Line 10: | Line 10: | ||
vol.exe -f chall2.raw --profile Win7SP1x64 memdump -p 2424 -D . | vol.exe -f chall2.raw --profile Win7SP1x64 memdump -p 2424 -D . | ||
rename 2424.dmp to 2424.data | rename 2424.dmp to 2424.data | ||
vol.exe -f chall2.raw --profile Win7SP1x64 filescan |
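Review bot: the added `filescan` line at the end of the chall2 block has no note on what to look for in its output, and the revision has no edit summary to explain it. The memdump step above it is at least followed by the rename instruction, so a short annotation after the new line (what file name or extension is being sought, and what the next step is) would make it usable as a procedure rather than a bare command.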
Revision as of 09:35, 24 July 2024
vol.exe -f chall1.raw imageinfo
vol.exe -f chall1.raw --profile Win7SP1x86 pslist
vol.exe -f chall1.raw --profile Win7SP1x86 cmdscan
vol.exe -f chall1.raw --profile Win7SP1x86 consoles
vol.exe -f chall1.raw --profile Win7SP1x86 hashdump
keyword login windows
ntlm login
vol.exe -f chall2.raw --profile Win7SP1x64 memdump -p 2424 -D .
rename 2424.dmp to 2424.data
vol.exe -f chall2.raw --profile Win7SP1x64 filescan