[Vol-users] Lookup Process Name by Memory Address on Windows XP

Jamie Levy jamie.levy at gmail.com
Wed Nov 13 09:00:42 CST 2013


Hi Matt,

Welcome to the users list!  Yes there is a way to do that, you can use the
`strings` plugin:
http://code.google.com/p/volatility/wiki/CommandReference23#strings

Let us know if you have any other questions.

All the best,

-gleeda




On Wed, Nov 13, 2013 at 8:22 AM, Matthew Wong <matthew at coredumps.net> wrote:

> Hello All,
>
> I'm new to Volatility.
>
> Say I found the string "password=hello world" somewhere in the memory, is
> there anyway for me to know which process that memory block is currently
> allocated to?
>
>
> --
> matt
>
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>
>


-- 
PGP Fingerprint: 2E87 17A1 EC10 1E3E 11D3  64C2 196B 2AB5 27A4 AC92
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20131113/eb5e46b6/attachment.html


More information about the Vol-users mailing list