The hivescan plugin displays the physical locations of available registry hives.
The command to run hivescan is as follows:
<pre>volatility --profile=WinXPSP3x86 -f cridex.vmem hivescanThe hivescan plugin displays the physical locations of available registry hives.
The command to run hivescan is as follows:
<pre>volatility --profile=WinXPSP3x86 -f cridex.vmem hivescan