This repository contains plugins for the volatility3 framework.
The plugin scans, extracts and parses Windows Prefetch files from Windows XP to Windows 11.
More information here: https://www.forensicxlab.com/posts/prefetch/
The plugin scans, extracts and parses Windows AnyDesk trace files.
More information here: https://www.forensicxlab.com/posts/anydesk/
The plugin scans the KeePass process for potential password recovery following CVE-2023-32784.
More information here: https://www.forensicxlab.com/posts/keepass/
The layer and plugins aim to add support to the volatility3 framework for converting hiberfil.sys to a raw memory image.
Pull request: volatilityfoundation/volatility3#1036
More information here: https://www.forensicxlab.com/posts/hibernation/
The plugin aims to carve the Import Address Table from a PE, giving information about the imported functions and therefore the capabilities of a potentially malicious process.
Pull request: volatilityfoundation/volatility3#1063
More information here: https://www.forensicxlab.com/posts/voliat/
The plugin aims to carve Alternate Data Streams (ADS) from the MFT.
Pull request: volatilityfoundation/volatility3#1063
More information here: https://www.forensicxlab.com/posts/volads/
The plugin is a more advanced version of the lsof plugin, extracting inode metadata from each file.
More information here: https://www.forensicxlab.com/posts/inodes/
Pull request: volatilityfoundation/volatility3#1213
More information here: https://www.forensicxlab.com/posts/vols3/
Pull request: volatilityfoundation/volatility3#1044