Saturday 27 February 2016

linux_mem_diff_tool

Script to perform Linux Memory Diff Analysis Using Volatility 


Tool Options:

The screen shot below shows the usage options (screenshot not reproduced; the options are listed here):

-c  path to the clean memory image
-i  path to the infected memory image
-p  profile for the memory images. The profile for the clean and the infected memory image has to be the same. The profile can be created by following the procedure mentioned.

-o  path to the file where the analysis results will be stored. This is an optional argument; if it is not given, the analysis results are stored in "final_report.txt" in the current working directory.

-v  performs verbose diff analysis. This is again optional.

By default the script performs a non-verbose diff analysis by running most plugins against the clean and infected memory images. In the non-verbose mode (the default) it skips a few plugins that take some time. With the -v option the script runs all the plugins, including the slow-running ones, so it will be slower and can take a while to complete.
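As an added illustration of the diff approach described above (example code written for this post, not the tool's own script), the sketch below runs the same Volatility 2 plugins against both images under one profile, diffs each plugin's text output, and includes the slow plugins only in verbose mode. The plugin split, the `vol.py` command line, the profile name and the `linux_pslist` output are assumptions constructed for the example.

```python
import subprocess

# Plugin split is an assumption for this example, not the tool's own list:
# SLOW_PLUGINS are run only in verbose (-v) mode.
FAST_PLUGINS = ["linux_pslist", "linux_netstat", "linux_lsmod", "linux_check_syscall"]
SLOW_PLUGINS = ["linux_malfind", "linux_bash"]

def plugins_for(verbose):
    """Plugins to run: slow ones only when verbose, as with the tool's -v option."""
    return FAST_PLUGINS + (SLOW_PLUGINS if verbose else [])

def vol_cmd(image, profile, plugin, vol="vol.py"):
    """Volatility 2 command line for one plugin; both images must use the same profile."""
    return [vol, "-f", image, "--profile=" + profile, plugin]

def run_plugin(image, profile, plugin):
    """Run one plugin and return its text output (requires vol.py on PATH)."""
    return subprocess.run(vol_cmd(image, profile, plugin),
                          capture_output=True, text=True).stdout

def normalize(line):
    """Drop a leading kernel address (0x...) so addresses that differ between captures do not count as changes."""
    parts = line.split(None, 1)
    return parts[1] if len(parts) == 2 and parts[0].startswith("0x") else line

def diff_output(clean_out, infected_out):
    """Lines only in the infected output (added) and only in the clean one (removed).
    Column headers appear in both runs and therefore cancel out."""
    clean = [normalize(ln) for ln in clean_out.splitlines()]
    infected = [normalize(ln) for ln in infected_out.splitlines()]
    return ([ln for ln in infected if ln not in clean],
            [ln for ln in clean if ln not in infected])

def format_section(plugin, added, removed):
    """One report section per plugin, in the style of a unified diff."""
    body = ["+ " + ln for ln in added] + ["- " + ln for ln in removed] or ["(no differences)"]
    return "\n".join(["==== %s ====" % plugin] + body)

# Constructed linux_pslist output for a clean and an infected image (not real captures).
CLEAN_PSLIST = ("Offset             Name          Pid   PPid\n"
                "0xffff88003c5e0000 init          1     0\n"
                "0xffff88003c5e8000 sshd          812   1\n")
INFECTED_PSLIST = ("Offset             Name          Pid   PPid\n"
                   "0xffff88003d0e0000 init          1     0\n"
                   "0xffff88003d0e8000 sshd          812   1\n"
                   "0xffff88003d1a0000 kworker/u:9   1337  1\n")

if __name__ == "__main__":
    added, removed = diff_output(CLEAN_PSLIST, INFECTED_PSLIST)
    print(format_section("linux_pslist", added, removed))
```

Against real images, replace the constructed outputs with `run_plugin(clean_image, profile, plugin)` and `run_plugin(infected_image, profile, plugin)` for each entry of `plugins_for(verbose)` and write the sections to the report file.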

Download tool : https://goo.gl/9zJtj8