Michael Hale Ligh

The Art of Memory Forensics

1,393 printed pages

Quotes

  • Andrii Pastushenko has quoted 4 months ago
    $ python vol.py pslist > pslist.txt
    $ python vol.py pslist --output-file=pslist.txt
  • Andrii Pastushenko has quoted 4 months ago
    For example, if various plugins create _EPROCESS objects and they all commonly need to determine whether the process is suspicious, based on several factors, you can use an object class to add such logic. A simple example is shown in the following code:
  • Andrii Pastushenko has quoted 4 months ago
    third-party modules that Volatility can leverage and the specific plugins that utilize them