Eve

Results 12 issues of Eve

Hello, In volshell using the `display_type` command to show information about objects can be difficult when pointers are involved. For example the output of a struct with pointers in tells...

Hello! This PR adds some basic support for tasks found via scanning to some of the existing linux plugins. I've not done them all as I wanted views on this...

**Is your feature request related to a problem? Please describe.** The "pid" as shown by different plugins is not consistent. Either displaying the `pid` or `tgid` value from the `task_struct`....

After merging https://github.com/volatilityfoundation/volatility3/pull/1050 @ikelos noticed that the [process_yara_options](https://github.com/volatilityfoundation/volatility3/blob/a08b7809b58d3b57a00531b378f7c6f08f33be2e/volatility3/framework/plugins/yarascan.py#L123) method could be updated to handle and check the yara config options in a better way. The discussion https://github.com/volatilityfoundation/volatility3/pull/1050 contains...

A lot of the linux plugins start from a task struct and provide lots of extra information about the processes. e.g. envvars, lsof, sockstat, psaux. It would be great to...

stale

Hello, This draft PR is to add some experimental features to provide a generic way of getting basic information from processes regardless of operating system. The idea was discussed in...

Hello 👋 This PR adds a first attempt at a sockscan plugin. Based heavily on the vol2 netscan plugin by @atcuno. I've also added another method following the path from...

Hello 👋 This PR aims to resolve an issue where @garanews found an issue with windows psscan when using the --physical flag. The main issue is covered in my comment here:...

parity-release

**Description** Currently, in Volatility3, there is no automatic mechanism to identify which layer represents the 'physical layer' in a given memory image. While a few plugins attempt to infer the...

stale

Hello 👋 This is a continuation of PR https://github.com/volatilityfoundation/volatility3/pull/1215 but I completely messed up that branch with a rebase that went very wrong, and my git-fu isn't strong enough to...