luizfernandorg
Member
Hi, happy Sunday everyone, I'm practicing with Volatility 3 to scan my memory dump, made using avml, and I ran into doubt because I'm seeing processes on the memory dump that doesn't exist when I run 'ps aux', this processes are: gvfsd-dnssd, gvfsd-network, kworker/u12:1, kworker/u12:3, p11-kit-server, and so on, what can I get from this? are these processes malicious? or ps aux is not showing those processes, those processes are known, right?