Volatility Plugins

Plugins I've made:

- Dumps HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall from memory
- Scans memory for prefetch files and dumps the filename and timestamps
- Scans memory for Java IDX files and extracts details
- firefoxhistory, firefoxcookies, and firefoxdownloads plugins to extract the following Firefox history data: moz_places, moz_cookies, and moz_downloads
- chromehistory, chromevisits, chromesearchterms, chromedownloads, chromedownloadchains, and chromecookies plugins to extract Chrome SQLite artifacts
- Supporting SQLite functions used in the Firefox and Chrome plugins
- Extracts Office TrustRecords registry key information
- Like yarascan, but searches for pages matching an ssdeep hash
- Whitelists code found by malfind based on an ssdeep hash
- Whitelists code found by apihooks based on an ssdeep hash