This repository contains the version information and plugins to reproduce the results from the research paper "Windows memory forensics: Identification of (malicious) modifications in memory-mapped image files" (see here). These plugins will hence not be updated, so:
NOTE: For the most current version of all plugins contained in here, see: https://github.com/f-block/volatility-plugins.
Windows versions used for research and tested with these plugins:
- Windows 10 22h2 Build 19045
- Windows 10 21h1 Build 19043
- Windows 10 1511 Build 10586
Specific Windows versions for particular tests are also mentioned in the paper.
| Tool | Version |
|---|---|
| Google Chrome | 109.0.5414.75 |
| Chromium | 111.0.5555.0 |
| Firefox | 109.0.1 |
| Microsoft Edge | 109.0.1518.55 |
| Microsoft Office (running Word and Excel) | 18.2104.12721.0 |
| PowerShell | 5.1 (Build 19041, Revision 2364) |
| AVG Free Antivirus | 22.12.3264 (build 22.12.7758.769) |