
The Volatility Framework



r00tkit
Wednesday, 12 Aban 1389, 15:48 (afternoon)
Capabilities
The Volatility Framework currently provides the following extraction capabilities for memory samples:


Image date and time
Running processes
Open network sockets
Open network connections
DLLs loaded for each process
Open files for each process
Open registry handles for each process
A process' addressable memory
OS kernel modules
Mapping physical offsets to virtual addresses (strings to process)
Virtual Address Descriptor information
Scanning examples: processes, threads, sockets, connections, modules
Extract executables from memory samples
Transparently supports a variety of sample formats (i.e., crash dump, hibernation, dd)
Automated conversion between formats


I downloaded it myself a minute ago; I haven't installed it yet.
http://code.google.com/p/volatility/

https://www.volatilesystems.com/default/volatility