Re: [Vol-users] Volatility's Network Connections
11 May
2009
11 May
'09
10:08 a.m.
On Mon, May 11, 2009 at 12:03 PM, AAron Walters <awalters(a)4tphi.net> wrote:
David,
BTW, could you explain the internal difference between connscan and
connscan2? I struggle to understand their differences, as there is no
documentation at all.
Thanks,
J
To your point about analyzing network
connections, I have recently
observed cases where Volatility "connections" produces no output at all and
HBGary does. In that situation Volatility "connscan" does find connections,
but the lists doesn't 100% match HBGary.
Did you send in a bug report? Are you sure you are using the most up to date
version of "connscan" or connscan2? Have you done any research into why
this may be happening?