# Get info about a memory dump. Good when you don't know the host OS.
vol -f 'dump.vmem' windows.info
vol -f 'dump.vmem' linux.info
vol -f 'dump.vmem' mac.info

# Get process list. PSSCAN can find unlinked malware.
vol -f 'dump.vmem' windows.pslist
vol -f 'dump.vmem' windows.psscan
vol -f 'dump.vmem' windows.pstree

# Network information. Can be unstable, use bulk extractor for pcap.
# https://tools.kali.org/forensics/bulk-extractor
vol -f 'dump.vmem' windows.netstat

# Get a list of DLLs
vol -f 'dump.vmem' windows.dlllist

# Basic malware scan
vol -f 'dump.vmem' windows.malfind
vol -f 'dump.vmem' windows.yarascan

# Advanced hunting techniques
vol -f 'dump.vmem' windows.ssdt
vol -f 'dump.vmem' windows.modules
vol -f 'dump.vmem' windows.driverscan
vol -f 'dump.vmem' windows.modscan
vol -f 'dump.vmem' windows.callbacks
vol -f 'dump.vmem' windows.idt
vol -f 'dump.vmem' windows.apihooks
vol -f 'dump.vmem' windows.moddump
vol -f 'dump.vmem' windows.handles

# Dump process using PID
vol.py -f <dump> -o /dir/to/store_dump/ windows.memmap.Memmap --pid <suspiciousPID> --dump

# Get path of PID
vol -f 'dump.vmem' windows.dlllist | grep <pid>
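
The pslist/psscan comparison hinted at above ("PSSCAN can find unlinked malware"), as an added example that is not part of the original cheat sheet: it lists processes that `windows.psscan` reports but `windows.pslist` does not. The function name `psscan_only`, the file names and the sample rows are assumptions made for illustration; `ExitTime` is printed because psscan also recovers processes that have simply exited.

```bash
#!/usr/bin/env bash
# Added example (not from the original cheat sheet).
# Assumed inputs, saved with the Volatility 3 CSV renderer:
#   vol -q -r csv -f dump.vmem windows.pslist > pslist.csv
#   vol -q -r csv -f dump.vmem windows.psscan > psscan.csv

# psscan_only PSLIST_CSV PSSCAN_CSV
# Prints "PID,ImageFileName,ExitTime" for every psscan row whose PID is
# missing from pslist. Assumes no field contains an embedded comma.
psscan_only() {
  awk -F',' '
    FNR == 1 { have_hdr = 0; split("", col) }          # new file: reset state
    { gsub(/"/, ""); sub(/\r$/, "") }                  # drop quotes and CR
    !have_hdr {                                        # skip banner lines until
      for (i = 1; i <= NF; i++) col[$i] = i            # the row naming "PID"
      if ("PID" in col) have_hdr = 1; else split("", col)
      next
    }
    NF == 0 { next }                                   # ignore blank lines
    FILENAME == ARGV[1] { listed[$(col["PID"])] = 1; next }  # pslist PIDs
    !($(col["PID"]) in listed) {                       # psscan: report extras
      print $(col["PID"]) "," $(col["ImageFileName"]) "," $(col["ExitTime"])
    }
  ' "$1" "$2"
}

# Constructed sample data (not real tool output) to exercise the function.
demo() {
  local d; d="$(mktemp -d)"
  cat > "$d/pslist.csv" <<'EOF'
TreeDepth,PID,PPID,ImageFileName,CreateTime,ExitTime
0,4,0,System,2024-01-01 10:00:00.000000,N/A
1,512,4,smss.exe,2024-01-01 10:00:02.000000,N/A
EOF
  cat > "$d/psscan.csv" <<'EOF'
TreeDepth,PID,PPID,ImageFileName,CreateTime,ExitTime
0,4,0,System,2024-01-01 10:00:00.000000,N/A
0,512,4,smss.exe,2024-01-01 10:00:02.000000,N/A
0,2044,512,unlinked.exe,2024-01-01 10:03:00.000000,N/A
0,3120,512,notepad.exe,2024-01-01 10:01:00.000000,2024-01-01 10:05:00.000000
EOF
  psscan_only "$d/pslist.csv" "$d/psscan.csv"
  rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

A row with `ExitTime` of `N/A` that appears only in psscan is the one to look at first; a row with an exit timestamp is usually just a terminated process.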