Monday, November 24, 2008

Vol2html Perl Script

During my forensics class I started thinking of a way to make it easier for my students to sort through the output of Volatility, and started writing a little Perl script to create an HTML report of running processes, open files and DLLs.

This is not finished, as there is more information that I would like to correlate from the output of Volatility. But if you are somewhat curious, this is what I have so far: you can see an example report here. The output files for this report and the Perl script are bundled together here. There is minimal error checking.

To use, first redirect the output of Volatility for pslist, dlllist and files to text files:

./volatility pslist -f mem.dd > pslist.txt
./volatility files -f mem.dd >files.txt
./volatility dlllist -f mem.dd >dlllist.txt

Then feed the Perl script these files:

./ -pslist pslist.txt \
-files files.txt -dlllist dlllist.txt
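As an added example (not the vol2html script itself, and not the project's code), here is the same correlation step in Python, since Volatility is itself Python: parse the pslist and dlllist text, join them by pid, and emit one HTML table. The column layout of the sample text is assumed from Volatility 1.x output, so adjust the regexes if your version prints differently. The detail worth carrying into any such report generator is that process names and DLL paths come out of the memory image, not from the analyst, so they are HTML-escaped before being written into the report.

```python
import re
import html
# Constructed sample text (not from a real image) laid out like Volatility 1.x output; the column format is an assumption.
PSLIST = """Name                 Pid    PPid   Thds   Hnds   Time
smss.exe             544    4      3      21     Mon Jun 11 03:44:49 2007
<img src=x>.exe      1337   544    1      5      Mon Jun 11 03:45:00 2007
"""
DLLLIST = r"""smss.exe pid: 544
Base         Size         Path
0x48580000   0x00006000   \SystemRoot\System32\smss.exe
0x7c900000   0x000af000   C:\WINDOWS\system32\ntdll.dll

<img src=x>.exe pid: 1337
Base         Size         Path
0x00400000   0x00010000   C:\temp\<img src=x>.exe
"""
PS_RE = re.compile(r"^(.*?)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S.*)$")
HDR_RE = re.compile(r"^(.*) pid: (\d+)$")
MOD_RE = re.compile(r"^0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+(\S.*)$")

def parse_pslist(text):
    """{pid: (name, ppid, start time)} from pslist output; the header line is skipped."""
    procs = {}
    for line in text.splitlines()[1:]:
        m = PS_RE.match(line.rstrip())
        if m:
            procs[int(m.group(2))] = (m.group(1), int(m.group(3)), m.group(6))
    return procs

def parse_dlllist(text):
    """{pid: [module paths]} from dlllist output, keyed by its 'name pid: N' headers."""
    mods, pid = {}, None
    for line in map(str.rstrip, text.splitlines()):
        h, m = HDR_RE.match(line), MOD_RE.match(line)
        if h:
            pid = int(h.group(2))
            mods[pid] = []
        elif m and pid is not None:
            mods[pid].append(m.group(1))
    return mods

def build_report(procs, mods):
    """One row per process with its DLLs joined by pid; every field is escaped (image data is untrusted)."""
    rows = []
    for pid, (name, ppid, start) in sorted(procs.items()):
        dlls = "<br>".join(html.escape(d) for d in mods.get(pid, []))
        rows.append("<tr><td>%d</td><td>%s</td><td>%d</td><td>%s</td><td>%s</td></tr>"
                    % (pid, html.escape(name), ppid, html.escape(start), dlls))
    return ("<table border=1><tr><th>Pid</th><th>Name</th><th>PPid</th><th>Start</th>"
            "<th>DLLs</th></tr>\n" + "\n".join(rows) + "\n</table>")
```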

There is more coming...

The venus website is down, so if you need to download vol2html you can get it from the new Google Code page.

Sunday, November 16, 2008

Permeate MITM

It's been a long while. For that I apologize... I guess I'm not a very good blogger when the semester is in full stride. Anyway, there's a new code release for Permeate, this time with the MITM detection built in. A paper we recently submitted to ICC 09 is available there as well. Shouts to Jarek and BK :-)