From 71b55ba2d6f27263c4ba6923e91c30ef89a7513b Mon Sep 17 00:00:00 2001 From: CPol Date: Sat, 19 Dec 2020 00:21:32 +0000 Subject: [PATCH] GitBook: [master] one page modified --- forensics/volatility-examples.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/forensics/volatility-examples.md b/forensics/volatility-examples.md index fb53a1b96..87bffa639 100644 --- a/forensics/volatility-examples.md +++ b/forensics/volatility-examples.md @@ -121,7 +121,7 @@ The **kernel debugger block** \(named KdDebuggerDataBlock of the type \_KDDEBUGG Extract password hashes from memory -```text +```bash volatility --profile=Win7SP1x86_23418 hashdump -f ch2.dmp #Local hashes volatility --profile=Win7SP1x86_23418 cachedump -f ch2.dmp volatility --profile=Win7SP1x86_23418 lsadump -f ch2.dmp # LSA secrets @@ -141,7 +141,7 @@ volatility -f ch2.dmp --profile=Win7SP1x86 memdump -p 2168 -D conhost/ Try to find **suspicious** processes \(by name\) or **unexpected** child **processes** \(for example a cmd.exe as a child of iexplorer.exe\). -```text +```bash volatility --profile=PROFILE pstree -f DUMP # Get process tree (not hidden) volatility --profile=PROFILE pslist -f DUMP # Get process list (EPROCESS) volatility --profile=PROFILE psscan -f DUMP # Get hidden process list(malware)
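Review bot: in the first hunk (the hashdump/cachedump/lsadump block) the profile is `Win7SP1x86_23418`, while the unchanged context of the second hunk runs the same ch2.dmp with `--profile=Win7SP1x86` (`volatility -f ch2.dmp --profile=Win7SP1x86 memdump -p 2168 -D conhost/`); since both target the same dump, use one profile name throughout the page, or state that the `_23418` suffix is the build-specific variant, so a reader copying the commands does not hit a profile mismatch. The `text` to `bash` fence change itself is fine because the trailing `#Local hashes` and `# LSA secrets` are valid shell comments; a small style nit is the inconsistent spacing after `#` between those two comments.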
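Review bot: in the second hunk (the pstree/pslist/psscan block) the psscan comment `# Get hidden process list(malware)` is missing a space before the parenthesis and overstates what the plugin returns: psscan lists every _EPROCESS it finds by pool-tag scanning, including terminated and unlinked processes, and "hidden" is only what appears in psscan but not in pslist. Suggest `# Scan memory for _EPROCESS objects (also finds unlinked/terminated processes; diff against pslist)`, and for the first line `# Process tree from the linked list (does not show unlinked processes)` instead of `# Get process tree (not hidden)`. The `text` to `bash` fence change is fine; `PROFILE` and `DUMP` remain obvious placeholders under shell highlighting.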