drop volatility output csvs or memory analysis exports · reconstruct temporal sequence of events from memory · process creation times · network connection times · registry modification times · file access times · runs locally
volatility exports
drop pslist · netscan · consoles · cmdline
or click
drop volatility pslist · netscan · consoles · cmdline csv