[Vol-users] Lookup Process Name by Memory Address on Windows XP

Matthew Wong matthew at coredumps.net
Wed Nov 13 19:46:06 CST 2013


Thanks all!

Could Volatility able to generate a complete memory dump? Or I need to use
other tools?

--
matt


On Wed, Nov 13, 2013 at 11:15 PM, Vico Marziale <vicodark at gmail.com> wrote:

> Check this out:
> https://code.google.com/p/volatility/wiki/CommandReference#strings
>
>
>
> On Wed, Nov 13, 2013 at 7:22 AM, Matthew Wong <matthew at coredumps.net>wrote:
>
>> Hello All,
>>
>> I'm new to Volatility.
>>
>> Say I found the string "password=hello world" somewhere in the memory, is
>> there anyway for me to know which process that memory block is currently
>> allocated to?
>>
>>
>> --
>> matt
>>
>> _______________________________________________
>> Vol-users mailing list
>> Vol-users at volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20131114/36bf0574/attachment.html


More information about the Vol-users mailing list