Hi,

When i run the script, i have the following error with Volatility 2:

ERROR: Cant find KDGB for Volatility2 caused by error in regex

Here is my command with the options:

$ python3 winSuperMem.py -f cridex.vmem -o output -p WinXPSP2x86 -tt 3

Thanks for this great tool.

Hello guys , first of all thank you for this awesome tool. attaching a problem occurred while using the software , will be happy to some help thank you

user_wsl@DESKTOP-U2H1XR3:/mnt/c/Users/user/Desktop/SuperMem-main/SuperMem-main$ sudo python3 winSuperMem.py -f Triage-Memory.mem -o 1234/ -tt 3 INFO: ************************** INFO: File Name: /mnt/c/Users/user/Desktop/SuperMem-main/SuperMem-main/Triage-Memory.mem INFO: Output Directory: /mnt/c/Users/user/Desktop/SuperMem-main/SuperMem-main/1234 INFO: Triage Type: ComprehensiveTriage INFO: Command: winSuperMem.py -f Triage-Memory.mem -o 1234/ -tt 3 INFO: ************************** INFO: Setting up symbols for Volatility3 with windows.info.Info INFO: Locating profile, DTB, and KDGB for Volatility2

INFO: Started Volatility3 plugin windows.pstree.PsTree INFO: Started Volatility3 plugin windows.cmdline.CmdLine INFO: Started Volatility3 plugin windows.callbacks.Callbacks INFO: Started Volatility3 plugin windows.svcscan.SvcScan INFO: Started Volatility3 plugin windows.registry.userassist.UserAssist INFO: Finished Volatility3 plugin windows.callbacks.Callbacks in 0 seconds INFO: Started Volatility3 plugin windows.pslist.PsList INFO: Started Volatility3 plugin windows.envars.Envars INFO: Started Volatility3 plugin windows.handles.Handles INFO: Finished Volatility3 plugin windows.svcscan.SvcScan in 0 seconds INFO: Started Volatility3 plugin windows.registry.hivelist.HiveList INFO: Started Volatility3 plugin windows.malfind.Malfind INFO: Finished Volatility3 plugin windows.pstree.PsTree in 0 seconds INFO: Started Volatility3 plugin windows.ssdt.SSDT INFO: Finished Volatility3 plugin windows.cmdline.CmdLine in 0 seconds INFO: Started Volatility3 plugin windows.registry.hivescan.HiveScan INFO: Finished Volatility3 plugin windows.registry.userassist.UserAssist in 0 seconds INFO: Started Volatility3 plugin windows.modscan.ModScan INFO: Finished Volatility3 plugin windows.registry.hivelist.HiveList in 0 seconds INFO: Started Volatility3 plugin windows.mutantscan.MutantScan INFO: Finished Volatility3 plugin windows.envars.Envars in 0 seconds INFO: Started Volatility3 plugin windows.psscan.PsScan INFO: Started Volatility3 plugin windows.modules.Modules INFO: Finished Volatility3 plugin windows.registry.hivescan.HiveScan in 0 seconds INFO: Started Volatility3 plugin windows.driverscan.DriverScan INFO: Started Volatility3 plugin windows.getservicesids.GetServiceSIDs INFO: Finished Volatility3 plugin windows.malfind.Malfind in 0 seconds INFO: Started Volatility3 plugin windows.symlinkscan.SymlinkScan INFO: Started Volatility3 plugin windows.dlllist.DllList INFO: Finished Volatility3 plugin windows.ssdt.SSDT in 0 seconds INFO: Started Volatility3 plugin windows.driverirp.DriverIrp INFO: Finished Volatility3 plugin windows.modules.Modules in 0 seconds INFO: Started Volatility3 plugin windows.netscan.NetScan INFO: Finished Volatility3 plugin windows.psscan.PsScan in 0 seconds INFO: Started Volatility3 plugin windows.filescan.FileScan INFO: Finished Volatility3 plugin windows.driverscan.DriverScan in 0 seconds INFO: Started Volatility3 plugin windows.poolscanner.PoolScanner INFO: Finished Volatility3 plugin windows.netscan.NetScan in 0 seconds INFO: Started Bulk Extractor INFO: Finished Volatility3 plugin windows.modscan.ModScan in 0 seconds INFO: Started Strings unicode INFO: Finished Volatility3 plugin windows.filescan.FileScan in 0 seconds INFO: Started Strings ascii INFO: Finished Volatility3 plugin windows.dlllist.DllList in 0 seconds INFO: Started Strings big endian INFO: Finished Bulk Extractor in 0 seconds INFO: Started Volatility2 plugin amcache INFO: Finished Volatility3 plugin windows.driverirp.DriverIrp in 0 seconds INFO: Started Volatility2 plugin getsids INFO: Finished Volatility3 plugin windows.handles.Handles in 0 seconds INFO: Started Volatility2 plugin clipboard INFO: Finished Volatility3 plugin windows.poolscanner.PoolScanner in 0 seconds INFO: Started Volatility2 plugin cmdscan INFO: Finished Volatility3 plugin windows.mutantscan.MutantScan in 0 seconds INFO: Started Volatility2 plugin consoles INFO: Started Volatility3 plugin windows.getsids.GetSIDs INFO: Finished Volatility3 plugin windows.symlinkscan.SymlinkScan in 0 seconds INFO: Started Volatility2 plugin ldrmodules INFO: Finished Volatility3 plugin windows.pslist.PsList in 0 seconds INFO: Started Volatility2 plugin mftparser INFO: Finished Volatility3 plugin windows.getservicesids.GetServiceSIDs in 0 seconds INFO: Started Volatility2 plugin psxview INFO: Finished Volatility3 plugin windows.getsids.GetSIDs in 0 seconds INFO: Started Volatility2 plugin shellbags INFO: Finished Volatility2 plugin cmdscan in 60 seconds INFO: Started Volatility2 plugin shutdowntime INFO: Finished Volatility2 plugin consoles in 64 seconds INFO: Started Volatility2 plugin indx INFO: Finished Volatility2 plugin indx in 8 seconds INFO: Started Volatility2 plugin logfile INFO: Finished Volatility2 plugin logfile in 6 seconds INFO: Started Volatility2 plugin prefetchparser INFO: Finished Volatility2 plugin prefetchparser in 7 seconds INFO: Started Volatility2 plugin schtasks INFO: Finished Volatility2 plugin schtasks in 7 seconds INFO: Started Volatility2 plugin sessions INFO: Finished Volatility2 plugin sessions in 9 seconds INFO: Started Volatility2 plugin shimcachemem INFO: Finished Volatility2 plugin shimcachemem in 6 seconds INFO: Started Volatility2 plugin shimcache INFO: Finished Volatility2 plugin psxview in 125 seconds INFO: Started Volatility2 plugin sockets INFO: Finished Volatility2 plugin shutdowntime in 75 seconds INFO: Started Volatility2 plugin sockscan INFO: Finished Volatility2 plugin sockets in 11 seconds INFO: Started Volatility2 plugin threads INFO: Finished Volatility2 plugin sockscan in 10 seconds INFO: Started Volatility2 plugin usnjrnl INFO: Finished Volatility2 plugin usnjrnl in 7 seconds INFO: Started Volatility2 plugin autoruns INFO: Finished Volatility2 plugin amcache in 156 seconds INFO: Started Volatility2 plugin connections INFO: Finished Volatility2 plugin getsids in 161 seconds INFO: Started Volatility2 plugin connscan INFO: Finished Volatility2 plugin autoruns in 9 seconds INFO: Started Volatility2 plugin hollowfind INFO: Finished Volatility2 plugin connections in 10 seconds INFO: Started Volatility2 plugin malthfind INFO: Finished Volatility2 plugin connscan in 10 seconds INFO: Started Volatility2 plugin timeliner INFO: Finished Volatility2 plugin hollowfind in 10 seconds INFO: Started Volatility2 plugin apihooks INFO: Finished Volatility2 plugin malthfind in 10 seconds INFO: Started Volatility2 plugin messagehooks INFO: Finished Volatility2 plugin clipboard in 177 seconds INFO: Started EVTXTRACT INFO: Finished Volatility2 plugin shimcache in 75 seconds INFO: Started Dumping Registry INFO: Finished Dumping Registry in 0 seconds INFO: Started Dumping DLLs INFO: Finished Dumping DLLs in 0 seconds INFO: Started Dumping Processes INFO: Finished Dumping Processes in 0 seconds INFO: Started Dumping Modules INFO: Finished Dumping Modules in 0 seconds INFO: Finished Volatility2 plugin threads in 99 seconds INFO: Finished Volatility2 plugin mftparser in 266 seconds INFO: Finished EVTXTRACT in 90 seconds INFO: Finished Volatility2 plugin ldrmodules in 320 seconds INFO: Finished Strings ascii in 343 seconds INFO: Finished Volatility2 plugin messagehooks in 168 seconds INFO: Finished Strings unicode in 355 seconds INFO: Finished Strings big endian in 362 seconds INFO: Finished Volatility2 plugin shellbags in 502 seconds INFO: Finished Volatility2 plugin timeliner in 445 seconds INFO: Finished Volatility2 plugin apihooks in 610 seconds Pre-Processing Complete: 100%|█████████████████████████████████████████████████████| 63/63 [13:06<00:00, 12.48s/Command] Dumping Files Complete: : 0Command [00:00, ?Command/s] INFO: Collecting Network IOCs INFO: Running Plaso ERROR: Cant Find File /path/to/yara/Yarafile.txt INFO: Finished all processing in 14 minutes

I just created a docker container around this tool. It is only a dirty version. Needs optimalization ( env variables, unnecessary files removed, etc). Need testing as well, but so far seems working

https://github.com/takov751/SuperMem-docker

Any question, just write here or on the repo. It's not something I will actively maintain, just a wrapping.

convert the how to use sections to H2 convert the how to use instructions to be code blocks change the case of How to Use to title case reorder the change in the options to read to and from

Awesome project! 🔥

Running ./winSuperMem.py hits import as the first non-comment line. Without a shebang, this will often run the ImageMagick import tool thinking that winSuperMem.py is a shell script, causing the script to apparently stall execution. Adding the sheban~~d~~g will fix this.