Which volatility plugin shows the command line path for a recently launched application?
Which volatility plugin shows the command line path for a recently launched application?
The correct plugin in Volatility to show information about the command line path for a recently launched application is 'pslist'. This plugin lists the active processes on the system, and provides details such as the process ID, parent process ID, and in some configurations, the command line used to start the process. The other options ('hivelist', 'dlllist', and 'netscan') do not provide information about the command line paths for applications.
Correct answer is CmdLine but that is not listed in the options
PSlist Book 2 Page 72
The Pslist plugin lists processes, Netscan shows networking (active network connections and sockets)
None, it's CmdLine