- Windows Forensics Cookbook
- Oleg Skulkin Scar de Courcier
- 164字
- 2021-07-02 20:57:42
How it works...
The following list explains the plugins used in the recipe.
- Imageinfo: This plugin collects some basic information about the memory image you are analyzing: operating system, service pack, hardware architecture; and also useful information such as DTB address, KDBG address, and the timestamp of the image creation.
- Pslist: This plugin shows the processes of the system, including the offset, process name, process ID, parent process ID, number of threads, number of handles, date/time when the process started and exited, Session ID and if the process is a WoW64 process.
- Pstree: This plugin does the same as pslist, but shows the process list in tree form. It uses indentation and periods to indicate child processes.
- Dlllist: This plugin displays the DLLs loaded by the process of interest, or all processes if the -p or --pid switch isn't used.
- Malfind: This plugin allows the examiner to detect and extract hidden or injected code/DLLs in user mode memory for further antivirus scans and analysis.
推薦閱讀
- 程序員面試白皮書
- Raspberry Pi for Secret Agents(Third Edition)
- 碼上行動:零基礎學會Python編程(ChatGPT版)
- The React Workshop
- R語言編程指南
- 精通Scrapy網絡爬蟲
- Apache Mahout Clustering Designs
- Mastering JavaScript High Performance
- Swift Playgrounds少兒趣編程
- C# and .NET Core Test Driven Development
- Domain-Driven Design in PHP
- STM8實戰
- Google Maps JavaScript API Cookbook
- Backbone.js Patterns and Best Practices
- Mastering Machine Learning with scikit-learn