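#!/bin/bash
#
# Run a fixed set of Volatility plugins against one memory image and save each
# plugin's output to <plugin>.txt in the current directory.
#
# Usage: ./volatility [memory_file] [profile]
#   memory_file  image to analyse (defaults to "Win7SP1x64" when omitted)
#   profile      Volatility profile; when omitted it is taken from the first
#                profile listed in the `imageinfo` output
#
# Output files (imageinfo.txt, filescan.txt, ...) are overwritten on every
# run, so start the script from a dedicated per-case working directory and
# not from the directory that holds the evidence image.

set -u

readonly VOL_PY=/opt/volatility/vol.py

memory_file=${1:-}
platform=${2:-}

if [[ $memory_file == "-h" ]]; then
  # Quoted so the brackets are printed literally instead of being globbed.
  echo "./volatility [memory_file] [profile]"
  exit 1
fi

if [[ -z $memory_file ]]; then
  memory_file=Win7SP1x64
fi
printf '%s\n' "$memory_file"

# Fail early with a clear message; otherwise every plugin would fail and the
# reason would be lost with the discarded stderr.
if [[ ! -r $memory_file ]]; then
  printf 'error: cannot read memory image: %s\n' "$memory_file" >&2
  exit 1
fi

if [[ -z $platform ]]; then
  if ! python "$VOL_PY" -f "$memory_file" imageinfo > imageinfo.txt; then
    echo "error: imageinfo failed, cannot detect a profile" >&2
    exit 1
  fi
  # Take the 4th field of the first line mentioning "Profile" and drop a
  # trailing comma only if one is present (a lone profile has none).
  # NOTE(review): assumes the "Suggested Profile(s) : A, B, ..." layout;
  # confirm against the Volatility version in use.
  platform=$(awk '/Profile/ { sub(/,$/, "", $4); print $4; exit }' imageinfo.txt)
  if [[ -z $platform ]]; then
    echo "error: no profile found in imageinfo.txt; pass one as the 2nd argument" >&2
    exit 1
  fi
fi

printf 'memory_file=%s \t platform=%s\n' "$memory_file" "$platform"
echo volatility running

#######################################
# Run one Volatility plugin and store its stdout in <plugin>.txt.
# Globals:   VOL_PY, memory_file, platform (read)
# Arguments: $1 - plugin name
# Outputs:   progress line on stdout; plugin output in ./<plugin>.txt
# Returns:   0 on success, 1 if the plugin exited non-zero
#######################################
run_plugin() {
  local plugin=$1
  local status=0

  printf '%s running....... \t' "$plugin"
  # stderr is still discarded as before, so the exit status is reported
  # explicitly to make a failed or partial result visible to the analyst.
  python "$VOL_PY" -f "$memory_file" --profile "$platform" "$plugin" \
    > "${plugin}.txt" 2> /dev/null || status=$?

  if (( status == 0 )); then
    echo "$plugin success"
  else
    echo "$plugin failed (exit status $status)"
    return 1
  fi
}

#strings "$memory_file" > strings.txt

failed=0
for plugin in filescan pslist netscan cmdscan timeliner; do
  # Keep going after a failure so the remaining plugins still produce output.
  run_plugin "$plugin" || failed=1
done

exit "$failed"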