Please enable JavaScript.

Coggle requires JavaScript to display documents.

Volatility - Coggle Diagram

- - - - ldrmodules
        False/ MappedPath
        
        InInit
        
        InMem
        
        InLoad
- - - - idt
    - - apihooks
    - - ssdt
        Eliminate ntoskrnl.exe | win32k.sys
    - - psxview
- - - - processbl
- - - - consoles
      - cmdscan
      - dlldump
    - - moddump
    - - Procdump
      - memdump
        
        strings
        
        grep
    - - dumpfiles
      - filescan
    - - shimcachemem