Hi. I have a Windows memory dump and I am analyzing it with Volatility. I have seen many interesting processes. However, I would need to get some live data regarding these processes, such as linked paths, opened documents, passwords entered, and so on. How can I achieve this? Many thanks!
Hello, I'm investigating a Windows memory dump and with connscan I find a web connection with a certain PID. However, when I issue pslist, pstree or psscan I can't seem to find that PID. Any clue about this? Where is that damn process? Thanks!