Memory tools
HBGary fdpro.exe
FDPro.exe c:\memdump.hpak (Acquire memory and page file)
FDPro.exe c:\memdump.bin (Acquire memory)
FDPro.exe c:\memdump.hpak -hpak list (List contents of hpak)
FDPro.exe c:\memdump.hpak -hpak extract memdump.bin (Extract memory)
Volatility
https://www.volatilesystems.com/default/volatility/
volatility.exe -h (HELP)
GET IMAGE INFO AND PROFILE
volatility.exe -f COMPUTER.mem imageinfo
GET PROCESS INFO
volatility.exe -f ISA-LAPTOP31.mem --profile Win7SP1x64_23418 pslist >> pslist-mem.txt
GET NETWORK CONNECTIONS
volatility.exe -f COMPUTER.mem --profile Win7SP1x64_23418 netscan >> netscan-mem.txt