List of Volatility Plugins
From Forensics Wiki
Revision as of 07:30, 16 January 2009 by Jessek
The Volatility Framework was designed to be expanded by plugins. Here is a list of the published plugins for the framework. Note that these plugins are not hosted on the wiki, but all on external sites.
- volshell - Creates a python shell can be used with the framework.
- suspicious - Identify "suspicious" processes. This version counts any command line running TrueCrypt or any command line that starts with a lower case drive letter as suspicious.