MalConfScan is a Volatility plugin that searches memory images for known malware, extracts the malware's configuration data, and dumps it. It can also list the strings that the malicious code references, decode configuration data that malware usually stores in encoded form, and dump decoded strings or DGA domains. Supported malware families include Ursnif, Emotet, Smoke Loader, PoisonIvy, CobaltStrike, and many others.