If you’re like me, you LOVE Volatility, the open source memory forensics tool. One of the best features of Volatility is that it can be extended with user-created plugins. SANS recently released an amazing Memory Forensics Poster that listed some great plugins. Many thanks to Alissa Torres and Jake Williams for creating it. Unfortunately, the poster didn’t give the exact location of the plugins. Below is the list of plugins used in the poster, where to download them, and any prerequisites.
Mimikatz by Francesco Picasso
Blog Post: http://blog.digital-forensics.it/2014/03/mimikatz-offline-addendum_28.html
Download: https://github.com/dfirfpi/hotoloti/blob/master/volatility/mimikatz.py
Prerequisites:
Ethscan by Jamaal Speights
Blog Post: http://jamaaldev.blogspot.com/2013/07/ethscan-volatility-memory-forensics.html
Download: https://code.google.com/p/jamaal-re-tools/source/browse/volplugins/ethscan.py
USNParser by Tom Spencer
Download: https://github.com/tomspencer/volatility/tree/master/usnparser
AutoRuns by Thomas Chopitea
Blog Post: http://tomchop.me/volatility-autoruns-plugin/
Download: https://github.com/tomchop/volatility-autoruns
Chrome/Mozilla Browser History by John Lassalle (superponible)
Blog Post for Chrome Plugin: http://blog.superponible.com/2014/08/31/volatility-plugin-chrome-history/
Blog Post for Firefox Plugin: http://blog.superponible.com/2014/08/31/volatility-plugin-firefox-history/
Download (lots of interesting plugins here): https://github.com/superponible/volatility-plugins
Prerequisites: