A python script developed to process Windows memory images based on triage type.

Related tags

MiscellaneousSuperMem
Overview

Overview

A python script developed to process Windows memory images based on triage type.

Requirements

  • Python3
  • Bulk Extractor
  • Volatility2 with Community Plugins
  • Volatility3
  • Plaso
  • Yara

How to Use

Quick Triage

python3 winSuperMem.py -f memdump.mem -o output/ -tt 1

Full Triage

python3 winSuperMem.py -f memdump.mem -o output/ -tt 2

Comprehensive Triage

python3 winSuperMem.py -f memdump.mem -o output/ -tt 3

Installation

  1. Install Python 3
  2. Install Python 2
  3. pip3 install -r requirements.txt
  4. Install Volatility 3 Framework
  5. Install Volatility 2 Framework
  6. Download Volatility 2 Community Plugins
  7. Install Bulk Extractor
  8. Install Plaso
  9. Install Yara
  10. Install Strings

How to Read the Output

  • Output directory structure of comprehensive triage:
    • BEoutputdir - Bulk Extractor output
    • DumpedDllsOutput - Dumped DLLs loaded into processes
    • DumpedFilesOutput - Dumped files in memory
    • DumpedModules - Dumped loaded drivers
    • DumpedProcessOutput - Dumped running processes
    • DumpedRegistriy - Dumped loaded registry hives
    • EVTxtract - Extracted data with EVTxtract
    • IOCs.csv - Collected IPs identified in the output data set
    • Logging.log - Logging for the script
    • Plaso - Plaso master timeline
    • Strings - Unicode, Ascii, Big Endian strings output
    • Volatility2 - Volatility2 plugin output
    • Volatility3 - Volatility3 plugin output
    • Yara - Yara matches

Troubleshooting

There are a number of known bugs, which are outlined in this section.

  • Dumping files may not work on Windows images below Windows8. The offset supplied by the volatility3 filescan plugin is sometimes physical and not virtual. There is not a descriptor specifying which is returned either. The current script is expecting virtual only. You can fix this by changing the dumpfiles function from --virtaddr to --physaddr.
Owner
CrowdStrike
CrowdStrike
GitHub Repository
Better Giveaways is a bot that will change the experience of using a giveaway bot forever.

Better-Giveaways Better Giveaways is a bot that will change the experience of using a giveaway bot forever. VoxelBotUtils/Novus, latest PyPi releases

Lightning 2 Jan 12, 2022
A brainfuck-based game oriented language written in python.

GF.py STILL WIP Gamefuck.py is a programming language based off brainfuck. It is oriented towards game development, and as such has many commands spec

Xenon 1 Feb 23, 2022
This is the old code for bitcoin risk metric, the whole purpose form it is to help you DCA your investment according to bitcoin risk.

About The Project This is the old code for bitcoin risk metric, the whole purpose form it is to help you DCA your investment according to bitcoin risk

BitcoinRaven 2 Aug 03, 2022
An application for automation of the mining function in the game Alienworlds.IO

alienautomation A Python script made to automate the tidious job of mining on AlienWorlds This script: Automatically opens the browser Automatically l

anonieXdev 42 Dec 03, 2022
Drop-down terminal for GNOME

Guake 3 README Introduction Guake is a python based dropdown terminal made for the GNOME desktop environment. Guake's style of window is based on an F

Guake 4.1k Dec 25, 2022
LanguageCreator - Simple library for easy creation transpilator.

LanguageCreator - Simple library for easy creation transpilator. Create transpilators in one hour! Install. Download code, rename folder to "LanguageC

Ivan Perzhinsky. 2 Dec 31, 2021
Stack-overflow-import - Import arbitrary code from Stack Overflow as Python modules.

StackOverflow Importer Do you ever feel like all you’re doing is copy/pasting from Stack Overflow? Let’s take it one step further. from stackoverflow

Filip Haglund 3.7k Jan 08, 2023
An After Effects render queue for ShotGrid Toolkit.

AEQueue An After Effects render queue for ShotGrid Toolkit. Features Render multiple comps to locations defined by templates in your Toolkit config. C

Brand New School 5 Nov 20, 2022
Github Star Tracking app with Streamlit

github-star-tracking-python-app Github Star Tracking app with Streamlit #8daysofstreamlit How to run it locally? Clone or Download & Unzip the Repo En

amrrs 4 Sep 22, 2022
List of resources for learning Category Theory

A curated list of resources for studying category theory. As resources aimed at mathematicians are abundant, this list is aimed at materials whose target audience is not people with a graduate-level

Bruno Gavranović 100 Jan 01, 2023
Tool to generate wrappers for Linux libraries allowing for dlopen()ing them without writing any boilerplate

Dynload wrapper This program will generate a wrapper to make it easy to dlopen() shared objects on Linux without writing a ton of boilerplate code. Th

Hein-Pieter van Braam 25 Oct 24, 2022
Open source style Deep Dream project

DeepDream ⚠️ If you don't have a gpu with cuda, the style transfer execution time will be much longer Prerequisites Python =3.8.10 How to Install sud

Patrick martins de lima 7 May 17, 2022
This is a method to build your own qgis configuration packages using osgeo4W.

This is a method to build your own qgis configuration packages using osgeo4W. Then you can automate deployment in your organization with a controled and trusted environnement.

Régis Haubourg 26 Dec 05, 2022
For my Philips Airpurifier AC3259/10

Philips-Airpurifier For my Philips Airpurifier AC3259/10 I will try to keep this code

AcidSleeper 7 Feb 26, 2022
Python script for changing the SSH banner content with other content

Banner-changer-py Python script for changing the SSH banner content with other content. The Script will take the content of a specified file range and

2 Nov 23, 2021
Iss-tracker - ISS tracking script in python using NASA's API

ISS Tracker Tracking International Space Station using NASA's API and plotting i

Partho 9 Nov 29, 2022
Liquid Rocket Engine Cooling Simulation

Liquid Rocket Engine Cooling Simulation NASA CEA The implemented class calls NASA CEA via RocketCEA. INSTALL GUIDE In progress install instructions fo

John Salib 1 Jan 30, 2022
Repo created for the purpose of adding any kind of programs and projects

Programs and Project Repository A repository for adding programs and projects of any kind starting from beginners level to expert ones Contributing to

Unicorn Dev Community 3 Nov 02, 2022
This repo is related to Google Coding Challenge, given to Bright Network Internship Experience 2021.

BrightNetworkUK-GCC-2021 This repo is related to Google Coding Challenge, given to Bright Network Internship Experience 2021. Language used here is py

Dareer Ahmad Mufti 28 May 23, 2022
A Python version of Canvacord

A copy of canvacord made in python! Table of contents Installation Examples Creating Images Links Downloads Installation Run any of these commands in

10 Mar 28, 2022