There will be times when you encounter a gzipped file and want to quickly search through it without having to unzip it first. When that time comes, zcat and zgrep will be your saviors. The usage of both is very straightforward, but there are man pages for both for further reading.
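As an added example (not from the original post), here is the typical defender use case: rotated, gzip-compressed auth logs searched in place with zgrep and zcat, with no unpacking to disk. It assumes gzip, zgrep and zcat are installed (they ship with the gzip package); the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example: search compressed, rotated auth logs without unzipping them.
# Assumes gzip, zgrep and zcat are available. All log lines are constructed.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Build two compressed log files the way logrotate would leave them behind.
make_sample_logs() {
    cat > "$WORK/auth.log.1" <<'EOF'
Apr 12 03:14:07 host sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51322 ssh2
Apr 12 03:14:09 host sshd[2201]: Failed password for invalid user admin from 192.0.2.10 port 51324 ssh2
Apr 12 03:15:00 host sshd[2210]: Accepted publickey for alice from 198.51.100.5 port 40010 ssh2
EOF
    cat > "$WORK/auth.log.2" <<'EOF'
Apr 11 22:01:41 host sshd[1987]: Failed password for root from 203.0.113.7 port 60001 ssh2
Apr 11 22:02:05 host cron[1990]: (root) CMD (run-parts /etc/cron.hourly)
EOF
    gzip -f "$WORK/auth.log.1" "$WORK/auth.log.2"
}

# zgrep runs grep straight over the .gz files; -h drops the file-name prefix
# so the matches can simply be counted.
count_failed_logins() {
    zgrep -h 'Failed password' "$WORK"/auth.log.*.gz | wc -l | tr -d ' '
}

# zcat streams the decompressed text to stdout, so normal text tools can be
# piped after it: here, tally the source address behind each failed login.
top_failed_sources() {
    zcat "$WORK"/auth.log.*.gz \
      | awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
      | sort | uniq -c | sort -rn
}

make_sample_logs
echo "failed logins: $(count_failed_logins)"
top_failed_sources
```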
Month: April 2016
Analyzing Various Memory Capture Formats
In a world where there are so many choices for capturing memory and analyzing it, I felt there would be some benefit in compiling a list for quick reference.

FTK Imager – outputs to .mem – can be analyzed in Volatility: vol.py -f <image> --profile=<profile>
VMware (.vmem) – .vmem and .vmsm