The hivescan plugin displays the physical locations of available registry hives.
The command to run hivescan is as follows:
<pre>volatility --profile=WinXPSP3x86 -f cridex.vmem hivescan
- Preface
- Introduction to Digital Forensics
- What is digital forensics?
- Digital forensics methodology
- A brief history of digital forensics
- The need for digital forensics as technology advances
- Commercial tools available in the field of digital forensics
- Operating systems and open source tools for digital forensics
- The need for multiple forensics tools in digital investigations
- Anti-forensics: threats to digital forensics
- Summary
- Installing Kali Linux
- Understanding Filesystems and Storage Media
- Incident Response and Data Acquisition
- Evidence Acquisition and Preservation with DC3DD and Guymager
- File Recovery and Data Carving with Foremost, Scalpel, and Bulk Extractor
- Memory Forensics with Volatility
- About the Volatility Framework
- Downloading test images for use with Volatility
- Using Volatility in Kali Linux
- Summary
- Autopsy – The Sleuth Kit
- Network and Internet Capture Analysis with Xplico
- Revealing Evidence Using DFF
The hivescan plugin
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.