volatility3 icon indicating copy to clipboard operation
volatility3 copied to clipboard

Published 20 hours ago verified publisher icon volatilityfoundation

memdump alternative

Open swastibhushan opened this issue 5 years ago • 3 comments
trafficstars

Is there any alternative to the memdump alternative in Volatality3?

swastibhushan avatar Jun 09 '20 16:06 swastibhushan

Not yet I'm afraid, but something that provides a similar capability is on the cards...

ikelos avatar Jun 09 '20 16:06 ikelos

The equivalent is memmap --dump

iMHLv2 avatar Sep 09 '20 16:09 iMHLv2

Just for clarity, memmap --dump vol3 is the equivalent of memdump --memory in vol2. If you're after PE reconstruction, then we can update the issue title to be more specific.

ikelos avatar Sep 09 '20 21:09 ikelos