[Vol-users] Lookup Process Name by Memory Address on Windows XP
jamie.levy at gmail.com
Wed Nov 13 09:00:42 CST 2013
Welcome to the users list! Yes there is a way to do that, you can use the
Let us know if you have any other questions.
All the best,
On Wed, Nov 13, 2013 at 8:22 AM, Matthew Wong <matthew at coredumps.net> wrote:
> Hello All,
> I'm new to Volatility.
> Say I found the string "password=hello world" somewhere in the memory, is
> there anyway for me to know which process that memory block is currently
> allocated to?
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users