{"provider_name":"Hatena Blog","blog_url":"https://shawroot.hatenablog.com/","author_name":"Rooty","blog_title":"\u300c\u914d\u67aa\u6731\u4e3d\u53f6\u3002\u300d","description":"\u65f6\u9694\u4e00\u4e2a\u591a\u6708\u91cd\u65b0\u5b66\u4e60\u4e00\u54c8Volatility\u3002 shawroot.hatenablog.com \u9898\u76ee\u4e0b\u8f7d volatility imageinfo -f \u6587\u4ef6\u540d \u67e5\u770b\u8fdb\u7a0b\uff1a volatility psscan -f \u6587\u4ef6\u540d --profile=Win7SP1x86 Volatility Foundation Volatility Framework 2.6 Offset(P) Name PID PPID PDB Time created Time exited ------------------ ---------------- ------ ------ ---------- ------\u2026","type":"rich","provider_url":"https://hatena.blog","image_url":"https://s2.ax1x.com/2019/12/30/llE0hj.png","html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fshawroot.hatenablog.com%2Fentry%2F2019%2F12%2F30%2FRoarCTF2019%2FBUUCTF-forensic\" title=\"RoarCTF2019/BUUCTF-forensic - \u300c\u914d\u67aa\u6731\u4e3d\u53f6\u3002\u300d\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","url":"https://shawroot.hatenablog.com/entry/2019/12/30/RoarCTF2019/BUUCTF-forensic","categories":["BUUCTF","misc"],"author_url":"https://blog.hatena.ne.jp/Rooty/","published":"2019-12-30 23:22:48","title":"RoarCTF2019/BUUCTF-forensic","version":"1.0","height":"190","width":"100%"}