ramdisk

by | posted: October 12, 2018 0 Comment
Name: ramdisk
Retrieves all the ramdisk currently mounted in the target system.: Identify if an attacker is using temporary, memory storage to avoid touching disk for anti-forensics purposes

Query: 
select * from block_devices where type = 'Virtual Interface';
Additional Query Info:
Version: 1.4.5
Platform: posix
Interval: 3600

JSON: 
{
  "queries": {
    "ramdisk": {
      "query" : "select * from block_devices where type = 'Virtual Interface';",
      "interval" : "3600",
      "platform" : "posix",
      "version": "1.4.5",
      "description" : "Retrieves all the ramdisk currently mounted in the target system.",
      "value" : "Identify if an attacker is using temporary, memory storage to avoid touching disk for anti-forensics purposes"
    }
  }
}
OSquery

admin

View all posts by admin »»

Recent Posts

You must be logged in to post a comment.

Proudly powered by WordPress   Premium Style Theme by www.gopiplus.com