Hi Folks,
I was recently trying to dig up a quick, easy method for
parsing Windows commandline history records out of memory dumps, and
came across a reference to Eoghan Casey's 2010 article, "Extracting
Windows command line details from physical memory." When I pinged him
about the cmd_history.py Volatility plugin he wrote along with that
paper, he said he'd sent it in to the Volatility development group, and
had presumed it would be included at some point. I've been digging
around, but I can't find it. Any idea what happened to it?
Thanks
John
----------------------------------------------------------
Quis custodiet ipsos custodes?... I do!