Tuesday, December 2, 2008

Memory Images

Here's an XP memory image.

Edit 12/3/08: Here are some more XP images


To make it easier for you to sort through the output of Volatility, I've written a little Perl script that creates an HTML report of running processes, open files and DLLs.

This is not finished, as there is more information from the output of Volatility that I would like to correlate. But if you are somewhat curious, this is what I have so far: vol2html.pl. You can see an example report here. The output files for this report and the Perl script are bundled together here. There is minimal error checking.

To use it, first redirect the output of Volatility's pslist, dlllist and files commands to text files:

./volatility pslist -f mem.dd > pslist.txt
./volatility files -f mem.dd > files.txt
./volatility dlllist -f mem.dd > dlllist.txt

Then feed the perl script these files:

./vol2html.pl -pslist pslist.txt \
-files files.txt -dlllist dlllist.txt
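To illustrate what such a correlation does, here is an added Python sketch (not vol2html.pl and not the author's code) that joins the three reports on PID and emits an HTML table in which every string taken from the image is escaped. The sample text is constructed, and the column layout assumed for the Volatility 1.x pslist, dlllist and files output is an assumption, not verified output.

```python
import re
from html import escape

# Constructed sample text laid out like Volatility 1.x pslist/dlllist/files output (format assumed).
PSLIST = r"""Name                 Pid    PPid   Thds   Hnds   Time
System               4      0      55     256    Thu Jan 01 00:00:00 1970
smss.exe             544    4      3      21     Tue Dec 02 10:00:01 2008
"""
DLLLIST = r"""************************************************************************
smss.exe pid: 544
0x48580000   0xf000       \SystemRoot\System32\smss.exe
0x7c900000   0xb0000      C:\WINDOWS\system32\ntdll.dll
"""
FILES = r"""************************************************************************
Pid: 544
File   \Device\HarddiskVolume1\WINDOWS\system32\config\SAM
"""

def parse_pslist(text):
    """{pid: {name, ppid}} from every row whose second column is numeric (skips the header)."""
    rows = [line.split() for line in text.splitlines()]
    return {int(r[1]): {"name": r[0], "ppid": int(r[2])} for r in rows if len(r) >= 5 and r[1].isdigit()}

def parse_per_pid(text, header, keep):
    """Walk a '****'-delimited report: `header` group 1 is the pid, `keep` maps a body line to a value or None."""
    out, pid = {}, None
    for line in text.splitlines():
        if m := re.match(header, line):
            pid = int(m.group(1))
            out[pid] = []
        elif pid is not None and keep(line) is not None:
            out[pid].append(keep(line))
    return out

def correlate(pslist, dlllist, files):
    procs = parse_pslist(pslist)          # join the three reports on PID, as vol2html.pl does
    dlls = parse_per_pid(dlllist, r"^\S+ pid:\s+(\d+)",
                         lambda ln: ln.split(None, 2)[2] if ln.startswith("0x") else None)
    opened = parse_per_pid(files, r"^Pid:\s+(\d+)",
                           lambda ln: ln.split(None, 1)[1] if ln.startswith("File") else None)
    for pid, p in procs.items():
        p["dlls"], p["files"] = dlls.get(pid, []), opened.get(pid, [])
    return procs

def to_html(procs):
    """One row per process; strings from the image are escaped so a hostile name or path cannot inject markup."""
    cell = lambda items: "<br>".join(escape(i) for i in items)
    rows = ["<tr><td>%d</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>" % (
        pid, escape(p["name"]), p["ppid"], cell(p["dlls"]), cell(p["files"])) for pid, p in sorted(procs.items())]
    return "<table>%s</table>" % "".join(rows)
```

Processes with no matching dlllist or files section simply get empty cells, which is itself worth noticing in a report.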
