Hi Folks,
I was recently trying to dig up a quick, easy method for parsing Windows command-line history records out of memory dumps, and came across a reference to Eoghan Casey’s 2010 article, "Extracting Windows command line details from physical memory". When I pinged him about the cmd_history.py Volatility plugin he wrote along with that paper, he said he’d sent it in to the Volatility development group, and had presumed it would be included at some point. I’ve been digging around, but I can’t find it. Any idea what happened to it?
Thanks
John
----------------------------------------------------------
Quis custodiet ipsos custodes?... I do!