[Vol-users] Lookup Process Name by Memory Address on Windows XP
matthew at coredumps.net
Wed Nov 13 19:46:06 CST 2013
Could Volatility able to generate a complete memory dump? Or I need to use
On Wed, Nov 13, 2013 at 11:15 PM, Vico Marziale <vicodark at gmail.com> wrote:
> Check this out:
> On Wed, Nov 13, 2013 at 7:22 AM, Matthew Wong <matthew at coredumps.net>wrote:
>> Hello All,
>> I'm new to Volatility.
>> Say I found the string "password=hello world" somewhere in the memory, is
>> there anyway for me to know which process that memory block is currently
>> allocated to?
>> Vol-users mailing list
>> Vol-users at volatilityfoundation.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Vol-users