- Windows Forensics Cookbook
- Oleg Skulkin Scar de Courcier
- 164 characters
- 2021-07-02 20:57:42
How it works...
The following list explains the plugins used in the recipe.
- imageinfo: This plugin collects basic information about the memory image you are analyzing: the operating system, service pack and hardware architecture, together with useful values such as the DTB address, the KDBG address, and the timestamp of the image creation.
- pslist: This plugin lists the processes of the system, showing for each one its offset, process name, process ID, parent process ID, number of threads, number of handles, the date and time when the process started and exited, the session ID, and whether the process is a WoW64 process.
- pstree: This plugin shows the same processes as pslist, but in tree form. It uses indentation and leading periods to indicate child processes.
- dlllist: This plugin displays the DLLs loaded by the process of interest, or by all processes if the -p or --pid switch isn't used.
- malfind: This plugin allows the examiner to detect and extract hidden or injected code and DLLs in user-mode memory for further antivirus scans and analysis.
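As an added illustration of the pslist/pstree relationship described above (not code from the book), the following Python rebuilds a pstree-style view from pslist-style text. The listing is constructed, not real Volatility output, but it follows the pslist column order named in the recipe (offset, name, PID, PPID, threads, handles, session, WoW64); a process whose PPID is absent from the listing becomes a root, which is how a parent that has already exited (or an orphaned process) shows up.

```python
from collections import defaultdict

# Constructed pslist-style sample (not a real capture); columns follow Volatility 2 pslist.
SAMPLE_PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64
---------- -------------------- ------ ------ ------ -------- ------ ------
0x823c89c8 System                    4      0     53      240 ------      0
0x81c1ef70 smss.exe                368      4      3       19 ------      0
0x81c0ed58 csrss.exe               584    368      9      326      0      0
0x81c52cd0 winlogon.exe            608    368     23      519      0      0
0x81c32a48 services.exe            652    608     16      243      0      0
0x81c3e020 explorer.exe           1464   1412     17      415      0      0
0x81c2e3c8 notepad.exe            1900   1464      1       30      0      0
"""

def parse_pslist(text):
    """Return {pid: (name, ppid)} from pslist-style text, skipping header/separator lines."""
    procs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("0x"):
            continue  # header, separator or blank line
        name, pid, ppid = fields[1], int(fields[2]), int(fields[3])
        procs[pid] = (name, ppid)
    return procs

def build_tree(procs):
    """Group children under parents; roots are processes whose PPID is not in the listing."""
    children = defaultdict(list)
    roots = []
    for pid, (name, ppid) in procs.items():
        if ppid in procs:
            children[ppid].append(pid)
        else:
            roots.append(pid)  # parent exited or was never listed (System, or an orphan)
    return roots, children

def render(procs):
    """Render one line per process, prefixing one '.' per depth level as pstree does."""
    roots, children = build_tree(procs)
    lines = []
    def walk(pid, depth):
        name, ppid = procs[pid]
        lines.append(f"{'.' * depth}{name} (pid {pid}, ppid {ppid})")
        for child in sorted(children[pid]):
            walk(child, depth + 1)
    for root in sorted(roots):
        walk(root, 0)
    return lines

if __name__ == "__main__":
    print("\n".join(render(parse_pslist(SAMPLE_PSLIST))))
```

In the sample, explorer.exe appears as a root because its parent (PID 1412) is not in the listing; on a real image that usually means the parent has exited, which is worth confirming against the exit timestamp pslist reports.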