Praetorian503, posted January 30, 2013

Description: In this video I will show you how to use the Volatility Framework for network information gathering from memory and for dumping the registry for password hashes, and a lot more.

Commands for network and registry analysis.

• Networking

Connections: To view the active connections.
Connscan: To find connection structures using pool tag scanning.
Sockets: To detect listening sockets for any protocol (TCP, UDP, RAW).
Sockscan: To find socket structures using pool tag scanning.

• Registry

Hivescan: To find the physical addresses of CMHIVEs (registry hives) in memory.
Hivelist: To locate the virtual addresses of registry hives in memory.
Printkey: To display the subkeys, values, data, and data types contained within a specified registry key.
Hashdump: To extract and decrypt cached domain credentials stored in the registry.
Userassist: To get the UserAssist keys from a sample you can use the userassist plugin.

Source: CommandReference - volatility - Example usage cases and output for Volatility 2.0 commands - An advanced memory forensics framework - Google Project Hosting

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source:
Source: Volatility - Networking And Registry Usage
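An added example, not part of the original post or of Volatility itself: a small Python cross-view check that compares saved text output of the connections plugin (list walking) with connscan (pool tag scanning) and reports entries only the scan found, which are typically closed connections whose structures are still in memory or entries unlinked from the active list. The column layout and the sample rows are assumptions, constructed to resemble Volatility 2.x text output.

```python
import re

# One data row: offset, local ip:port, remote ip:port, pid.
# Header and separator lines do not match and are skipped.
ROW = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+:\d+)\s+(\S+:\d+)\s+(\d+)\s*$")


def parse_table(text):
    """Return {(local, remote, pid): offset} for every data row in plugin output."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            offset, local, remote, pid = m.groups()
            rows[(local, remote, int(pid))] = offset
    return rows


def scan_only(connections_text, connscan_text):
    """Connections found by pool tag scanning but absent from the active list."""
    active = parse_table(connections_text)
    scanned = parse_table(connscan_text)
    return sorted((key, off) for key, off in scanned.items() if key not in active)


# Constructed sample output (assumed layout, documentation-range addresses).
CONNECTIONS_OUT = """\
 Offset(V)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ------
0x81e87620 192.0.2.10:1038           198.51.100.7:8080         1484
"""

CONNSCAN_OUT = """\
 Offset(P)  Local Address             Remote Address            Pid
---------- ------------------------- ------------------------- ------
0x02087620 192.0.2.10:1038           198.51.100.7:8080         1484
0x023c8c50 192.0.2.10:1041           203.0.113.25:443          1484
"""

if __name__ == "__main__":
    for (local, remote, pid), off in scan_only(CONNECTIONS_OUT, CONNSCAN_OUT):
        print(f"{off} {local} -> {remote} pid={pid} (connscan only)")
```

Entries are matched on local address, remote address and PID rather than on offset, because connections reports virtual offsets and connscan reports physical ones.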