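#!/usr/bin/env bash
# Build a single super-timeline from a Windows memory image using Volatility 2
# and The Sleuth Kit's mactime.
#
# Steps (same three artefacts and output files as the original one-liner):
#   1. timeliner, mftparser and shellbags each write a TSK body-file
#      (timeliner.txt, mftparser.txt, shellbags.txt) for the same image.
#   2. The three body-files are concatenated into timeline.txt.
#   3. mactime sorts timeline.txt into a comma-delimited timeline (mactime.txt).
#
# Usage: ./timeline.sh <profile> <ram_dump>
#   profile   Volatility 2 profile matching the image (e.g. Win7SP1x64)
#   ram_dump  path to the memory image
# Env:
#   MACTIME_TZ  time zone mactime renders timestamps in (default: UTC)
#
# Fixes over the original: the profile/image are passed once instead of being
# repeated in three places, every expansion is quoted, the script aborts on the
# first failing step, the image is hashed before processing so the timeline can
# be tied to a verifiable copy of the evidence, and mactime's time zone is
# pinned instead of inherited from whatever host the analyst happens to use.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

main() {
  local profile ram_dump tz plugin
  profile=${1:?usage: $0 <profile> <ram_dump>}
  ram_dump=${2:?usage: $0 <profile> <ram_dump>}
  tz=${MACTIME_TZ:-UTC}

  [[ -r "$ram_dump" ]] || die "cannot read memory image: $ram_dump"
  command -v volatility >/dev/null || die "volatility not found in PATH"
  command -v mactime    >/dev/null || die "mactime not found in PATH"

  # Record the image hash up front (written to image.sha256 in the working
  # directory, not next to the evidence, which may be read-only media).
  sha256sum -- "$ram_dump" > image.sha256

  # Each plugin emits a body-file; the loop is sequential and set -e stops the
  # chain on the first failure, matching the original `&&` chain.
  for plugin in timeliner mftparser shellbags; do
    volatility "$plugin" --output=body --output-file="${plugin}.txt" \
      --profile="$profile" --filename="$ram_dump"
  done

  cat -- timeliner.txt mftparser.txt shellbags.txt > timeline.txt

  # mactime orders the merged body-file, so concatenation order above is
  # irrelevant.  -d gives comma-delimited output; -z pins the display zone
  # (memory artefact timestamps are UTC-based, and letting mactime fall back
  # to the host's local zone silently shifts every entry).
  # NOTE(review): confirm -z is honoured by the installed mactime version.
  mactime -b timeline.txt -d -z "$tz" > mactime.txt
}

main "$@"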