₳Ⱡ₥Ø₲
Added a few queries:
- apt_sources
- deb_packages
- shell_history
- system_controls
- logged_in_users
- last_logins

Fix 1 query:
- authorized_keys
Hello, in the artifacts/files section I think it would be useful to add specific forensic artifacts (persistence mechanisms, etc.) such as: `sudoers`, `crontab`, `/etc/profile` and much more. It would be useful for...
Improvements for Lsof to show deleted files as in lsof output on a live system. It probably shouldn't be in that function directly, as it no longer mimics the `prepend_path` kernel function...
Hello, not sure if that's good enough as a standalone plugin, but I tried to re-implement apihooks. However, since there are a lot of "hooks" in legitimate DLLs I couldn't get...
Categorize windows.svcdiff as windows.malware.svcdiff
- no dep fixes applied
- since this plugin doesn't have a run() method, the wrapper must inherit from the same base class
- `__init__` method...
Hello, trying my way around OS internals & memory :P

```
(venv) ubuntu@ubuntuPC:~/Dev/volatility3$ vol -f ~/dumps/peb_masq_dump.raw -r json windows.pebmasquerade | jq 'map(select(.Notes != "OK"))'
Volatility 3 Framework 2.26.2
[ {...
```
Hello, just playing with memory & OS internals. Apparently some legitimate processes use these techniques to have enriched information in their cmdline or so. Here are some such processes: ```...
```python
requirements.ListRequirement(
    name="pid",
    description="Filter on specific process IDs",
    element_type=int,
    optional=True,
),
```

Supplying `--pid 1,2,3` wouldn't work for the following:

```
vol windows.pslist.PsList: error: argument --pid: invalid value: '8032,7692'
vol...
```
Remove unused unix argument in linux.sockstat
Categorized 2 related plugins as .malware.: indirect_system_calls, direct_system_calls. I did not find any fixes needed other than import statements; I tried running them and it seemed okay, but not...