- Windows Forensics Cookbook
- Oleg Skulkin, Scar de Courcier
- 2021-07-02 20:57:42
How it works...
The following list explains the plugins used in the recipe.
- Imageinfo: This plugin collects basic information about the memory image you are analyzing: the operating system, service pack and hardware architecture, as well as useful values such as the DTB address, the KDBG address, and the timestamp of the image creation.
- Pslist: This plugin lists the processes of the system, showing for each one the offset, process name, process ID, parent process ID, number of threads, number of handles, the date and time when the process started and exited, the session ID, and whether the process is a WoW64 process.
- Pstree: This plugin does the same as pslist, but shows the process list in tree form, using indentation and periods to indicate child processes.
- Dlllist: This plugin displays the DLLs loaded by the process of interest, or by all processes if the -p or --pid switch isn't used.
- Malfind: This plugin allows the examiner to detect and extract hidden or injected code/DLLs in user-mode memory for further antivirus scans and analysis.
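To make the pslist and pstree descriptions above concrete, here is an added example that is not code from the book or from the Volatility project. It parses the text that Volatility 2's pslist plugin prints (the column layout is assumed from the 2.6 release), rebuilds the indented, period-prefixed tree that pstree shows, and reports the relationships an examiner would want to cross-check with the other plugins: processes whose parent is not in the list, core Windows processes with an unexpected parent, and processes that already carry an exit time. The pslist text, the image name and profile in the comment, and the EXPECTED_PARENT map are constructed for this example.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of "vol.py -f image.raw --profile=Win7SP1x64 pslist" output
# (not a real capture; the rows were chosen to exercise every check below).
SAMPLE_PSLIST = """\
Volatility Foundation Volatility Framework 2.6
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa8000c9b040 System                    4      0     88      598 ------      0 2021-07-02 18:00:01 UTC+0000
0xfffffa8001a2e060 smss.exe                272      4      2       30 ------      0 2021-07-02 18:00:01 UTC+0000
0xfffffa8001f4c5e0 csrss.exe               356    348      9      456      0      0 2021-07-02 18:00:03 UTC+0000
0xfffffa8002231b30 explorer.exe           1420   1392     31      901      1      0 2021-07-02 18:00:40 UTC+0000
0xfffffa8002a5d060 notepad.exe            2016   1420      1       60      1      0 2021-07-02 18:05:12 UTC+0000
0xfffffa8002b11060 svchost.exe            2788   2016      4       75      1      1 2021-07-02 18:06:00 UTC+0000
0xfffffa8002c22060 cmd.exe                2904   1420      1       20      1      0 2021-07-02 18:07:00 UTC+0000 2021-07-02 18:07:30 UTC+0000
"""

# One pslist row: offset, name, PID, PPID, threads, handles, session ("------"
# for system processes), Wow64 flag, start time and an optional exit time.
TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC\+\d{4}"
ROW_RE = re.compile(
    r"^(?P<offset>0x[0-9a-f]+)\s+(?P<name>\S+)\s+(?P<pid>\d+)\s+(?P<ppid>\d+)\s+"
    r"(?P<thds>\d+)\s+(?P<hnds>\d+)\s+(?P<sess>\S+)\s+(?P<wow64>[01])\s+"
    rf"(?P<start>{TS})(?:\s+(?P<exit>{TS}))?\s*$"
)

@dataclass
class Process:
    offset: str
    name: str
    pid: int
    ppid: int
    threads: int
    handles: int
    session: int | None
    wow64: bool
    start: str
    exit: str | None

def parse_pslist(text: str) -> list[Process]:
    """Turn pslist text into Process records; banner, header and rule lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            procs.append(Process(
                m["offset"], m["name"], int(m["pid"]), int(m["ppid"]),
                int(m["thds"]), int(m["hnds"]),
                None if m["sess"].startswith("-") else int(m["sess"]),
                m["wow64"] == "1", m["start"], m["exit"]))
    return procs

def render_tree(procs: list[Process]) -> list[str]:
    """Render the list the way pstree does: one period per level of depth before each child."""
    by_pid = {p.pid: p for p in procs}
    children: dict[int, list[Process]] = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    lines, seen = [], set()

    def walk(p: Process, depth: int) -> None:
        if p.pid in seen:      # guard against PID reuse forming a cycle
            return
        seen.add(p.pid)
        lines.append(f"{'.' * depth} {p.offset}:{p.name} pid={p.pid} ppid={p.ppid}")
        for child in sorted(children.get(p.pid, []), key=lambda c: c.pid):
            walk(child, depth + 1)

    # Roots are processes whose parent is not in the list (PID 0, or an exited/hidden parent).
    for root in sorted((p for p in procs if p.ppid not in by_pid), key=lambda p: p.pid):
        walk(root, 0)
    return lines

# Hand-written expectations for this example (not exhaustive): which parent
# normally starts a given core Windows process. A mismatch is a lead, not proof.
EXPECTED_PARENT = {
    "smss.exe": {"System", "smss.exe"},
    "csrss.exe": {"smss.exe"},
    "svchost.exe": {"services.exe"},
}

def review_processes(procs: list[Process]) -> list[str]:
    """Findings to cross-check with psscan (exited or hidden parents), dlllist and malfind."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None and p.ppid != 0:
            findings.append(f"{p.name} ({p.pid}): parent PID {p.ppid} is not in pslist (exited or hidden)")
        expected = EXPECTED_PARENT.get(p.name)
        if expected and parent and parent.name not in expected:
            findings.append(f"{p.name} ({p.pid}): started by {parent.name} ({parent.pid}), expected {sorted(expected)}")
        if p.exit:
            findings.append(f"{p.name} ({p.pid}): exited at {p.exit} but is still linked in the process list")
    return findings

if __name__ == "__main__":
    procs = parse_pslist(SAMPLE_PSLIST)
    print("\n".join(render_tree(procs)))
    print("\n".join(review_processes(procs)))
```

Run it as a script to print the tree and the findings for the embedded sample; for real output, pass the text produced by the pslist plugin to parse_pslist. A parent missing from pslist is most often one that has simply exited (csrss.exe and explorer.exe in the sample), so confirm with psscan before reading anything into it; dlllist and malfind on a flagged PID are the next step in the recipe, not a verdict.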