List of Volatility Plugins
From Forensics Wiki
Revision as of 07:12, 17 January 2009 by Jessek
The Volatility Framework was designed to be expanded by plugins. Here is a list of the published plugins for the framework. Note that these plugins are not hosted on the wiki, but all on external sites.
- volshell - Creates a python shell can be used with the framework.
- cryptoscan - Finds TrueCrypt passphrases
- moddump - Dump out a kernel module (aka driver)
- Registry tools - A suite of plugins for accessing data from the registry, including password hashes, LSA secrets, and arbitrary registry keys.
- suspicious - Identify "suspicious" processes. This version counts any command line running TrueCrypt or any command line that starts with a lower case drive letter as suspicious.