Hi John,
It's been a while since we have seen you around the mailing list. I
didn't realize you were still using Volatility.
Eoghan did recently send us the plugin and it is in the queue to be ported
to Volatility 2.X. There were a number of things that needed to be
updated and cleaned up so it did not make it in the upcoming release. It
is one of the plugins on the roadmap for the next release. If you would
like to help with that effort, I'm sure people would be more than
grateful.
Hope all is well!
AW
The Volatility Project
On Thu, 28 Jul 2011, McCash John-GKJN37 wrote:
Hi Folks,
I was recently trying to dig up a quick, easy method for
parsing Windows commandline history records out of memory dumps, and
came across a reference to Eoghan Casey's 2010 article, "Extracting
Windows command line details from physical memory". When I pinged him
about the cmd_history.py Volatility plugin he wrote along with that
paper, he said he'd sent it in to the Volatility development group, and
had presumed it would be included at some point. I've been digging
around, but I can't find it. Any idea what happened to it?
Thanks
John
----------------------------------------------------------
Quis custodiet ipsos custodes?... I do!