
spelling fix and readme update

brian committed May 16, 2019
1 parent e1d18d3 commit 183db595783c1308e47b456100caa37c8ff8ecc9
Showing with 21 additions and 18 deletions.
  1. +20 −17 README.md
  2. +1 −1 calamity
@@ -1,27 +1,30 @@
## Calamity

```
================================================================================
================================================================================
========================= Calamity =========================
A script to assist in processing forensic RAM captures for malware triage
Run the script with no options and it will run in guided mode prompting the
user to choose options as required
If you already know the correct volatility memory profile you can use the
following options
A script to assist in processing forensic RAM captures for malware triage
Run the script with no options and it will run in guided mode prompting the
user to choose options as required
If you already know the correct volatility memory profile you can use the
following options
-f --filepath provide the complete filepath to the RAM memory dump
-p --profile provide the memory provile you want volatility to use
-s --scan will run all scans and prompt user as required
Example:
calamity -f /home/user/memory.dmp -p Win10x64_10586 -s
calamity --fullpath /home/user/memory.dmp --profile Win10x64_10586 --scan
================================================================================
-q --quick will run a quick scan for malware, no user input required to complete
-c --config same as quickscan but will try to extract malware configurations as well
Example:
calamity -f /home/user/memory.dmp -p Win10x64_10586 -s
calamity --fullpath /home/user/memory.dmp --profile Win10x64_10586 --scan
================================================================================
```

Original inspiration to Volatility Labs writeup in this article:
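Review bot: The long-form example in the README block uses `--fullpath`, while the option list in the same block documents the flag as `-f --filepath`. If the script accepts only one spelling, a reader copying the second example will hit an unknown-option error, so align the example and the option list with whatever the argument parser actually matches. The examples also cover only `-s`/`--scan`; now that `-q --quick` and `-c --config` are documented, an example of the non-interactive quick scan would show how those modes are invoked.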
@@ -54,7 +54,7 @@ helpmenu(){
echo -e " -p --profile provide the memory provile you want volatility to use"
echo -e " -s --scan will run all scans and prompt user as required"
echo -e " -q --quick will run a quick scan for malware, no user input required to complete"
echo -e " -c --config smae as quickscan but will try to extract malware configurations as well"
echo -e " -c --config same as quickscan but will try to extract malware configurations as well"
echo -e "\nExample:\ncalamity -f /home/user/memory.dmp -p Win10x64_10586 -s"
echo -e "\ncalamity --fullpath /home/user/memory.dmp --profile Win10x64_10586 --scan"
header
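Review bot: The `-p --profile` echo line in helpmenu() still reads "memory provile", two lines above the "smae" typo this commit corrects. Change it to "memory profile" in the same pass, and in the matching README line, so the help text and the README stay identical and the spelling fix is complete.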
