Basic invocation
The following command runs voltaire on the memory image "/mnt/examples/Memory_images/memory.img", stores the results in the directory "test01" and prefixes the files with "ES01". The logs are captured in the file "output01.log". It removes the timeliner command from the commands passed to volatility.
$ python voltairedb.py scan --exclude_commands timeliner -s /mnt/examples/Memory_images/memory.img \
    -d test01 -e 01 -l output01.log
The command starts by prompting for a memory profile.
Choose a profile.
=================
1 : Win2003SP0x86
2 : Win2003SP1x86
3 : Win2003SP2x86
Profile number? 3
Please select a profile.
Profile name: Win2003SP2x86
This starts the memory analysis. Once completed, the results will be in the directory test01.
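The invocation above is what an analyst types by hand. The shell function below is an added example, not part of voltaire, that wraps the same `voltairedb.py scan` call with the checks a practitioner usually wants before pointing a tool at evidence: it confirms the image is readable, creates the output directory, records a SHA-256 of the image next to the results so the output can later be tied to an unmodified image, and only then builds the command with the exact flags shown on this page. It assumes `voltairedb.py` lives in `$VOLTAIRE_DIR` (default: the current directory), that `sha256sum` or `shasum` is available, and it adds a `DRY_RUN=1` switch (not a voltaire option) that prints the command instead of running it. The profile prompt is still answered interactively, as above.

```shell
# Added wrapper around "voltairedb.py scan" (example code, not part of voltaire).
# Assumptions: voltairedb.py is in $VOLTAIRE_DIR (default "."), sha256sum or
# shasum exists, and DRY_RUN=1 is our own switch to print instead of execute.

# Record a SHA-256 of the evidence image; the checksum file is written with the
# path exactly as given, so use an absolute image path to verify from anywhere.
hash_image() {
    image=$1; checksum_file=$2
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$image" > "$checksum_file"
    else
        shasum -a 256 "$image" > "$checksum_file"
    fi
}

# Usage: voltaire_scan IMAGE OUTDIR PREFIX LOGFILE [EXCLUDED_COMMAND]
# Mirrors the page's command: scan [--exclude_commands X] -s IMAGE -d OUTDIR -e PREFIX -l LOGFILE
voltaire_scan() {
    image=$1; outdir=$2; prefix=$3; logfile=$4; exclude=${5:-}

    [ -r "$image" ] || { echo "image not readable: $image" >&2; return 2; }
    mkdir -p "$outdir" || return 2

    # Hash the image before analysis so results can be matched to this exact image.
    hash_image "$image" "$outdir/$prefix.image.sha256" || return 2

    set -- python "${VOLTAIRE_DIR:-.}/voltairedb.py" scan
    if [ -n "$exclude" ]; then
        set -- "$@" --exclude_commands "$exclude"
    fi
    set -- "$@" -s "$image" -d "$outdir" -e "$prefix" -l "$logfile"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
        return 0
    fi
    "$@"
}

# Re-check the recorded hash after the run (or before re-using the results).
# Usage: voltaire_verify_image OUTDIR PREFIX ; returns non-zero on mismatch.
voltaire_verify_image() {
    checksum_file="$1/$2.image.sha256"
    [ -r "$checksum_file" ] || return 2
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -c "$checksum_file" >/dev/null 2>&1
    else
        shasum -a 256 -c "$checksum_file" >/dev/null 2>&1
    fi
}
```

With these functions sourced, the page's example becomes `voltaire_scan /mnt/examples/Memory_images/memory.img test01 01 output01.log timeliner`, and `voltaire_verify_image test01 01` afterwards confirms the image was not altered while the analysis ran.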
The following command runs voltaire on the memory image "/mnt/examples/Memory_images/memory.img", stores the results in the directory "test01" and prefixes the files with "ES01". It removes the timeliner command from the commands passed to volatility.
$ ./voila.sh -s /mnt/examples/Memory_images/memory.img -d test01 -x timeliner -c 01
It then proceeds as above.