Hello Michael,
You're right, the "-t" option is the better solution.
Thank you!
Michael
From: Michael Hale Ligh [mailto:michael.hale@gmail.com]
Sent: Thursday, 11 August 2011 13:18
To: Michael Felber
Cc: vol-users@volatilityfoundation.org
Subject: Re: [Vol-users] files-command missed
Michael,
The files command only showed info on files, but there are 20+ other types of objects. The handles command shows you all objects, including mutexes, events, desktops, registry keys, etc. If you only want to see files, without using grep, try "handles -p 816 -t File"
Also see:
http://code.google.com/p/volatility/wiki/CommandReference#handles
MHL
On Thu, Aug 11, 2011 at 5:12 AM, Michael Felber <MichaelFelber@gmx.net> wrote:
Hi all,
In v2.0 I miss the files-command.
As a workaround I use
C:\Python27\Scripts>python vol.py handles -p 816 -f … | grep -i "File"
"files" was easier to use. Why has it gone?
Cu
Michael
_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users