Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Forensics > Volatility Plugins > Flashcards

Volatility Plugins Flashcards

1
Q

pslist

A

finds and walked the doubly linked list of processes and prints a summary of the data. This method typically cannot show you terminated or hidden processes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

pstree

A

takes the output from pslist and formats it in a tree view, so you can easily see parent and child relationships

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

psscan

A

scans for _EPROCESS objects instead of relying on the linked list. This plugin can also find terminated and unlinked (hidden) processes
important to use in addition to pslist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

psxview

A

locates processes using alternate process listings, so you can then cross-reference different sources of information and reveal malicious discrepancies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Forensics (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions