Which of the following Volatility commands will display the date and time an image was collected?

Last Updated on February 10, 2022 by Admin 2

Which of the following Volatility commands will display the date and time an image was collected?

  • python vol.py -f Win2k12x64.vmsn –profile=Win2012R2x64 –kdbg=0xf800f17dd9b0 timeliner –type=_CMHIVE
  • python vol.py -f ~/Desktop/win7_trial_64bit.raw imageinfo
  • python vol.py -f ~/Desktop/win7_trial_64bit.raw –profile=Win7SP0x64 printkey -K “Microsoft\Security Center\Svc”
  • python vol.py -f win7.vmem –profile=Win7SP0x86 userassist
Explanation:
Reference: https://www.andreafortuna.org/2017/06/25/volatility-my-own-cheatsheet-part-1-image-identification/
0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments