From d31aadd42dc4205ccbae5e71a2cf1dc63e8f1988 Mon Sep 17 00:00:00 2001
From: m_kara <135459639+H3xKatana@users.noreply.github.com>
Date: Tue, 17 Dec 2024 18:59:49 +0100
Subject: [PATCH 1/2] Add autoVolatility3 memory forensics automation guide

---
 .../memory-dump-analysis/volatility-cheatsheet.md  | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
index fb39bac0f..992df01cc 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
@@ -22,6 +22,19 @@ Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-s
 ​​[**RootedCON**](https://www.rootedcon.com/) is the most relevant cybersecurity event in **Spain** and one of the most important in **Europe**. With **the mission of promoting technical knowledge**, this congress is a boiling meeting point for technology and cybersecurity professionals in every discipline.
 
 {% embed url="https://www.rootedcon.com/" %}
+If you need a tool that automates memory analysis with different scan levels and runs multiple Volatility3 plugins in parallel, you can use autoVolatility3:: [https://github.com/H3xKatana/autoVolatility3/](https://github.com/H3xKatana/autoVolatility3/)
+
+```bash
+# Full scan (runs all plugins)
+python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s full
+
+# Minimal scan (runs a limited set of plugins)
+python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s minimal
+
+# Normal scan (runs a balanced set of plugins)
+python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s normal
+
+```
 
 If you want something **fast and crazy** that will launch several Volatility plugins on parallel you can use: [https://github.com/carlospolop/autoVolatility](https://github.com/carlospolop/autoVolatility)
 
@@ -29,6 +42,7 @@ If you want something **fast and crazy** that will launch several Volatility plu
 python autoVolatility.py -f MEMFILE -d OUT_DIRECTORY -e /home/user/tools/volatility/vol.py # It will use the most important plugins (could use a lot of space depending on the size of the memory)
 ```
 
+
 ## Installation
 
 ### volatility3

From 09b51e59cb5ddac5f66530410abe11a4760f17fd Mon Sep 17 00:00:00 2001
From: m_kara <135459639+H3xKatana@users.noreply.github.com>
Date: Wed, 18 Dec 2024 16:37:08 +0000
Subject: [PATCH 2/2] Update volatility-cheatsheet.md

---
 .../memory-dump-analysis/volatility-cheatsheet.md           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
index 992df01cc..2bb6eb338 100644
--- a/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
+++ b/generic-methodologies-and-resources/basic-forensic-methodology/memory-dump-analysis/volatility-cheatsheet.md
@@ -26,13 +26,13 @@ If you need a tool that automates memory analysis with different scan levels and
 
 ```bash
 # Full scan (runs all plugins)
-python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s full
+python3 autovol3.py -f MEMFILE -o OUT_DIR -s full
 
 # Minimal scan (runs a limited set of plugins)
-python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s minimal
+python3 autovol3.py -f MEMFILE -o OUT_DIR -s minimal
 
 # Normal scan (runs a balanced set of plugins)
-python3 volatility_forensics.py -f MEMFILE -o OUT_DIR -s normal
+python3 autovol3.py -f MEMFILE -o OUT_DIR -s normal
 
 ```