Posted: Sun Nov 27, 2011 3:56 pm Post subject: Volatility framework questions? sorta
ok so like i was wondering how the volatility framework deals with a disk image with out mounting it such as this command "vol.py -f zeus.vmem pslist"
this shows the process list running when the img was aquired
ps is there a major difference between .vhd and .vmem like one is hard disk and one is memory?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum