Volatility - Follow-up Analysis Script - Customize the script

You need to customize the following script based on the information gathered from the analysis: the profile is read from the imageinfo output saved by the initial run, while the PID and the filename to dump are set by hand in the configurable options.

#!/bin/bash
# Script to collect information by utilizing volatility

#### Configurable Options #######

homeDir='/home/volatility/image'
memImage="$homeDir/image.vmem"
locVolPy='/usr/share/volatility/vol.py'
volProfile=''

PID='1384'
dumpFileFilename='malware'  # Dump the file malware.exe (dumpfiles -r takes a regex)

######################################

outputDir="$homeDir/output"
dumpDir="$homeDir/dumpdir"
tempDir="$homeDir/temp"

# Create the working directories (mkdir -p tolerates ones that already exist)
mkdir -p "$outputDir" "$dumpDir" "$tempDir"

# Identify the profile found from output/imageinfo (written by the initial analysis run)
if [ ! -f "$outputDir/imageinfo" ]; then
    echo "Missing $outputDir/imageinfo - run the imageinfo collection first" >&2
    exit 1
fi
grep "Suggested Profile(s)" "$outputDir/imageinfo" | awk '{print "Identified Profile: " $4}' | sed 's/,//'
volProfile=$(grep "Suggested Profile(s)" "$outputDir/imageinfo" | awk '{print $4}' | sed 's/,//')
if [ -z "$volProfile" ]; then
    echo "Could not identify a profile from $outputDir/imageinfo" >&2
    exit 1
fi

# List the dll's associated with a PID
#python "$locVolPy" -f "$memImage" --profile="$volProfile" dlllist -p "$PID" > "$outputDir/dlllist-$PID"

# Dump the file based on filename (regex match against the cached file name)
#python "$locVolPy" -f "$memImage" --profile="$volProfile" dumpfiles -r "$dumpFileFilename" -D "$tempDir"

# Find the mutants (handles lists every handle type for the PID; look for Type "Mutant" in the output)
#python "$locVolPy" -f "$memImage" --profile="$volProfile" handles -p "$PID" > "$outputDir/handles-$PID"
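As an added example (not the post's own script), the shell functions below parse the two text files the script works with, output/imageinfo and output/handles-PID, on constructed sample output laid out like Volatility 2's: the first suggested profile is returned (failing on a "No suggestion" line instead of feeding it to --profile), and the Mutant handles held by the PID are listed with their names.

```shell
#!/bin/bash
# Added example: parse Volatility 2 text output from the follow-up script.
# The imageinfo and handles samples below are constructed, not from a real image.

# Print the first suggested profile from an imageinfo output file.
# Fails (returns 1) when the line is missing or reads "No suggestion".
identify_profile() {
    info="$1"
    profile=$(awk -F': ' '/Suggested Profile\(s\)/ { split($2, p, ","); print p[1]; exit }' "$info")
    case "$profile" in
        ""|*" "*) return 1 ;;   # empty or "No suggestion (Instantiated with ...)"
    esac
    printf '%s\n' "$profile"
}

# Print "Pid Handle Name" for every Mutant handle in a handles output file,
# limited to one PID when a second argument is given.
list_mutants() {
    handles="$1"
    pid="${2:-}"
    awk -v want="$pid" '$5 == "Mutant" && (want == "" || $2 == want) { print $2, $3, $6 }' "$handles"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/imageinfo" <<'EOF'
Volatility Foundation Volatility Framework 2.6
INFO    : volatility.debug    : Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64 (Instantiated with Win7SP1x64)
                     AS Layer1 : WindowsAMD64PagedMemory (Kernel AS)
EOF

cat > "$tmp/handles-1384" <<'EOF'
Volatility Foundation Volatility Framework 2.6
Offset(V)          Pid      Handle     Access     Type             Details
------------------ ------ ---------- ---------- ---------------- -------
0xfffffa8001c4a060   1384        0x4    0x1f0003 Event
0xfffffa8001c1a9d0   1384       0x2c    0x1f0001 Mutant           Global\SampleMutex
0xfffffa8001c2b7f0   1384       0x30    0x1f0001 Mutant
0xfffffa8001d3e120    620       0x44    0x1f0001 Mutant           OtherMutex
EOF

echo "Profile: $(identify_profile "$tmp/imageinfo")"
echo "Mutants held by PID 1384:"
list_mutants "$tmp/handles-1384" 1384
```

An unnamed mutant prints with an empty name column; those are usually less interesting than the named ones malware uses to avoid running twice.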
