Looking at the quadzillion pages of output I have just generated with Vol, I was thinking, why not script this?
Also, more importantly, I would like to cross reference the results so I can see all results for a specific process. Registry Objects, connections, modules, files, strings etc.
Has anyone already done anything to take advantage of vol's incredible wealth of info? Or are text files, grep, regex, and spreadsheets the norm?
Thanks for any replies. I have looked at Mandiant's Memoryze and Audit Viewer, but still a bit overwhelmed by everything it puts out. Not real certain how to find what I am looking for with it.
Thanks Folks,
Bruce D. Meyer
Are you referring to Volatility?
Yes. Sorry, I thought this was purely a Volatility forum. Must have hit it via Google or a bookmark?
This is the Forensic Focus "General Discussion" forum
I'll find a more specific and helpful forum! My apology for causing you such grief.
No grief at all…I was simply asking what it was that you were referring to, and based on your response, it appeared that you may have posted to what you thought was a Volatility-specific forum.
To your original question, have you looked at gl33da's vol2html? Have you taken a look at the Volatility Documentation Project?
No Sir. I hadn't heard of either one. I will look at both now.
Thanks for the help. I appreciate it.
–Bruce D. Meyer
Wow. Vol2html. I wonder how much time that took out of the author's life. Very nice.
I have the docs now also. Thank you. I was working off of the 6 pages that come with Volatility.