List: 2020/03/24 (2)
CHIqueen
Let's get started.
$ vol.py -f for2.raw imageinfo
Volatility Foundation Volatility Framework 2.6
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : Win7SP1x86_23418, Win7SP0x86, Win7SP1x86
AS Layer1 : IA32PagedMemoryPae (Kernel AS)
AS Layer2 : VirtualBoxCoreDumpElf64 (Unnamed AS)
AS Layer3 : FileAddressSpace (/home/sansforensics/Desktop/for2.raw)
PAE type : PAE
DTB :..
Honestly, a pretty badly made challenge. The challenge description is garbage too, and it's not clear exactly what it wants.
$ vol.py -f for1.raw kdbgscan
Volatility Foundation Volatility Framework 2.6
**************************************************
Instantiating KDBG using: Unnamed AS WinXPSP2x86 (5.1.0 32bit)
Offset (P) : 0x2785b78
KDBG owner tag check : True
Profile suggestion (KDBGHeader): Win7SP1x86_23418
Version64 : 0x2785b50 (Major: 15, Minor: 7601)
PsActiveProcess..