A Python script to analyse a memory dump using the Volatility framework. The script will:
- Identify the operating system profile of the image,
- List the running processes,
- List the network connections that were open or had been accessed at the time of memory capture,
- Analyse the image for malicious processes and injected DLLs
To set it up:
- Clone or download the repository
- Download the Volatility executable for Windows or Linux and place it in the project folder.
- Edit config.ini to set the Volatility installation path, the location of the memory images and the folder in which the outputs are saved.
This is a Python script, so the system or container must have Python and pip installed and working. Below is a sample of how the script is run:
usage: python malscript.py -f [memory_image.dd]
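As an added example (not the project's own code), this is how such a wrapper can read config.ini, pick the profile out of Volatility 2's imageinfo output, and run each plugin with its output saved to the configured folder. The config section and key names, the plugin choices and the sample imageinfo line are assumptions for illustration.

```python
import configparser
import re
import subprocess
from pathlib import Path

# Constructed config.ini content; section and key names are assumed,
# not the project's real schema.
SAMPLE_CONFIG = """
[volatility]
executable = /opt/volatility/vol.py
[paths]
images = /cases/images
output = /cases/output
"""

# Volatility 2 plugins for the steps listed above (assumed mapping).
PLUGINS = {"processes": "pslist", "network": "netscan", "malware": "malfind"}


def load_config(text):
    """Parse INI text and return (executable, images_dir, output_dir)."""
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return (cfg["volatility"]["executable"],
            cfg["paths"]["images"],
            cfg["paths"]["output"])


def build_command(executable, image, plugin, profile=None):
    """Build a Volatility 2 command as an argument list (no shell parsing)."""
    cmd = [executable, "-f", str(image)]
    if profile:
        cmd.append("--profile=" + profile)
    cmd.append(plugin)
    return cmd


def parse_profile(imageinfo_output):
    """Return the first profile named on the 'Suggested Profile(s)' line, or None."""
    m = re.search(r"Suggested Profile\(s\)\s*:\s*([^,\n]+)", imageinfo_output)
    return m.group(1).strip() if m else None


def run_plugin(executable, image, plugin, profile, output_dir):
    """Run one plugin, save stdout as <image>_<plugin>.txt and return that path."""
    cmd = build_command(executable, image, plugin, profile)
    result = subprocess.run(cmd, capture_output=True, text=True, check=False)
    out = Path(output_dir) / (Path(image).stem + "_" + plugin + ".txt")
    out.write_text(result.stdout)
    return out
```

A full run would call run_plugin with "imageinfo" first, feed its output to parse_profile, then loop over PLUGINS with the resulting profile.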
Planned improvements:
- A more interactive interface, for example a web interface, so that the user can work with Volatility more clearly.
- Save the output as JSON or CSV so that it can be analysed with other tools.