Skip to content

cblanken's cheatsheets

Volatility3

Volatility3

Windows

Process Info

vol.py -f memdump.mem windows.info.Info

Process Dump

vol.py -f memdump.mem windows.pslist.PsList
vol.py -f memdump.mem windows.pstree.PsTree

Memory Dump

DLLs

vol.py -f memdump.mem windows.dlllist.DllList
vol.py -f memdump.mem windows.dumpfiles.DumpFiles --pid <pid>

Network Info

vol.py -f memdump.mem windows.netscan.NetScan

Registry

Malware

vol.py -f memdump.mem windows.malfind.Malfind --dump