I'm a Volatility user and normally just use strings and grep to perform a
keyword search outside of the tool.
Not sure about the pmem.ko related question.
On Tue, Nov 27, 2012 at 2:18 PM, Scott Ehrlich <srehrlich(a)gmail.com> wrote:
A review of the Linux-capable version of volatility
doesn't seem to
indicate any option of performing a keyword search of captured memory.
Is this correct?
Also, I don't recall seeing an option in pmem.ko for capturing
virtual/shared memory versus physical memory. Am I missing
Vol-users mailing list