Skip to content

superponible/volatility-plugins

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits

README.md

README.md

 
 

apihooksdeep.py

apihooksdeep.py

 
 

chromehistory.py

chromehistory.py

 
 

firefoxhistory.py

firefoxhistory.py

 
 

idxparser.py

idxparser.py

 
 

malfinddeep.py

malfinddeep.py

 
 

prefetch.py

prefetch.py

 
 

sqlite_help.py

sqlite_help.py

 
 

ssdeepscan.py

ssdeepscan.py

 
 

trustrecords.py

trustrecords.py

 
 

uninstallinfo.py

uninstallinfo.py

 
 

Repository files navigation

Volatility Plugins

Plugins I've made:

uninstallinfo.py - Dumps HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall from memory

prefetch.py - scan memory for prefetch files and dump filename and timestamps

idxparser.py - scan memory Java IDX files and extract details

firefoxhistory.py - firefoxhistory, firefoxcookies, and firefoxdownloads plugins to extract the following firefox history data: moz_places, moz_cookies, and moz_downloads

chromehistory.py - chromehistory, chromevisits, chromesearchterms, chromedownloads, chromedownloadchains, and chromecookies plugins to extract Chrome SQLite artifacts

sqlite_help.py - supporting functions SQLite used in Firefox and Chrome plugins

trustrecords.py - extract Office TrustRecords registry key information

ssdeepscan.py - like yarascan, but searches for pages matching an ssdeep hash

malfinddeep.py - whitelist code found by malfind based on an ssdeep hash

apihooksdeep.py - whitelist code found by apihooks based on an ssdeep hash

About

Plugins I've written for Volatility

Resources

Readme
Activity

Stars

191 stars

Watchers

14 watching

Forks

51 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages