[Vol-users] Attributing a string to a program
jamie.levy at gmail.com
Mon Sep 17 10:36:17 CDT 2012
Have you tried the strings plugin?
On Mon, Sep 17, 2012 at 8:37 AM, David Bramer <david.bramer at gmail.com> wrote:
> Have a memory dump which I have obtained via DumpIt, I'm then pretty
> happy and can use Volatility to find out some of the answers to my
> questions. However when I have run Strings on the memory dump I find a
> string of great interest. I would like to figure out a means by which
> I could find out what created this string.
> So far I've created a basic Yara rule and used malfind to no avail. Is
> there anything else I could try?
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
More information about the Vol-users