This app implements a variety of <b>investigative</b> actions on the <b>Volatility forensics analysis platform</b>.
Supported Actions
- list processes: Queries the memory dump for the list of running processes and their details
- get process file: Extracts a process's executable image from the memory dump
- list drivers: Executes the driverscan Volatility plugin to list loaded kernel drivers
- list mutexes: Executes the mutantscan Volatility plugin to list mutex objects
- list open files: Executes the filescan Volatility plugin to list open file handles
- find malware: Executes the malfind Volatility plugin to find injected code or DLLs in user-mode memory
- list sockets: Executes the sockscan Volatility plugin. This action is only available for Windows XP and Windows Server 2003 memory images.
- list connections: Executes the netscan or connscan Volatility plugin to list network connections (connscan applies to Windows XP and Windows Server 2003 images; netscan to Windows Vista and later)
- get browser history: Executes the iehistory Volatility plugin to recover Internet Explorer history records
- list mrus: Executes the shellbags Volatility plugin to get a list of MRUs (most recently used items)
- get timeline: Executes the timeliner Volatility plugin to build a timeline of artifacts in the memory image
- get command history: Executes the cmdscan Volatility plugin to recover console command history
- get registry key: Executes the printkey Volatility plugin to print a registry key with its subkeys and values
- list mfts: Executes the mftparser Volatility plugin to get a list of master file table (MFT) entries
- get registry hives: Executes the hivelist Volatility plugin to get a list of registry hives and their addresses