volatility3.framework.constants.windows package
Volatility 3 Windows Constants.
Windows-specific values that aren’t found in debug symbols.
- KERNEL_MODULE_NAMES = ['ntkrnlmp', 'ntkrnlpa', 'ntkrpamp', 'ntoskrnl']
The list of names that kernel modules can have within the Windows OS.