Skip to content

Releases: ImDuong/vola-auto

1.0.0

07 Jun 15:46
@ImDuong ImDuong
1.0.0
84a5aac
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
1.0.0 Latest
Latest

Main Features

  • Auto run common plugins: info, filescan, process, etc., parallely. Auto dump common artifacts file: MFT, Logfile, prefetch, etc. Auto run customized artifacts analytics.
  • Add regex for dumping files (currently Volatility 3 does not support it, which is different from Volatility 2).
  • Run multiple commands parallelly from a file with subcommand batch.

Feature List

Volatility Plugins

  • common plugins: info, filescan, netstat, envars, hivelist, iat, mft scan, mft ads, lsadump
  • process plugins: cmdline, pslist, psscan, pstree, handles
  • plugins not mentioned here can be run parallely with subcommand batch

Artifacts Collector Plugins

  • dump $MFT, $LogFile, $UsnJrnl:$J, prefetch files, event log files (evtx), amcache hive, SRU files, SYSTEM, SAM, SECURITY, SOFTWARE hives, wpndatabase.db
  • construct better visualization for process tree
  • construct timeline for process list

Artifacts Analytics Plugins

  • find weird environment variables of processes
Assets 11
Loading