Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Forensics > Volatility Commands Related to Processes > Flashcards

Volatility Commands Related to Processes Flashcards

1
Q

pslist

A

Finds and walks the doubly linked list of processes and prints a summary of the data. This method typically cannot show you terminated or hidden processes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

pstree

A

Takes the output from pslist and formats it in a tree view, so you can easily see parent and child relationships.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Scans for _EPROCESS objects instead of relying on the linked list. This plugin can also find terminated and unlinked (hidden) processes.

A

psscan

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

psxview

A

Locates processes using alternate process listings, so you can then cross-reference different sources of information and reveal malicious discrepancies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

Forensics (17 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions