Volatility 2.0: Timeliner, RegistryAPI, evtlogs and more
Gleeda recently released a whitepaper describing how to extract temporal information from physical memory. It’s exciting to see someone extending the Volatility temporal reconstruction research. The whitepaper also serves as a great tutorial for creating new plugins. You will also want to check out the links to the plugins she discussed at OMFW. Shoutz to Gleeda, Gleeda!
