Ruslan0Dev

Results 13 comments of Ruslan0Dev

`-moz-linear-gradient(top, rgba(252,255,244,1) 0%, rgba(223,229,215,1) 40%, rgba(179,190,173,1) 100%)` `-moz-linear-gradient(top, rgba(240,183,161,1) 0%, rgba(140,51,16,1) 50%, rgba(117,34,1,1) 51%, rgba(191,110,78,1) 100%)` `-moz-linear-gradient(top, rgba(255,255,255,1) 0%, rgba(243,243,243,1) 50%, rgba(237,237,237,1) 51%, rgba(255,255,255,1) 100%)`

Double-tap events - brain explosion...

@eve-mem ok, I can get hiberfil.sys and memory.dump. Need to try something like this?:

```
C:\volatility3>python vol.py -f "E:\pagefile2.sys" -f "E:\hiberfil2.sys" -f "E:\memory.dump" windows.info
```

to reconstruct pagefile2.sys. Did I...

@eve-mem

```
C:\volatility3>python vol.py -vvvvvvv -f "memdump.mem" -f "pagefile.sys" windows.info
Volatility 3 Framework 2.5.0
INFO volatility3.cli: Volatility plugins path: ['C:\\volatility3\\volatility3\\plugins', 'C:\\volatility3\\volatility3\\framework\\plugins']
INFO volatility3.cli: Volatility symbols path: ['C:\\volatility3\\volatility3\\symbols', 'C:\\volatility3\\volatility3\\framework\\symbols']
Level 6...
```

@eve-mem As it turned out, this is not the process of the process but the MFT recording. Accordingly, I made MFT Scan. But offsets there are not valid. I tried...

@ikelos @eve-mem My question is still relevant. Just in case, I will describe the essence again. If I open pagefile.sys in the HEX editor, then by searching through the text...

@ikelos Yes, it works, but I am getting the content as metadata in the memory_layer. Came to a conclusion that in pagefile looks for nothing. https://github.com/volatilityfoundation/volatility3/blob/581c493f4fdb685053b408029dd56f18a3acda78/doc/source/vol-cli.rst?plain=1#L135-L137 Attempt 1 ``` cls&python...

The problem is still relevant and not resolved

I confirm, @tree-s fix works with 7.1.12. Thanks!

@clearbluejar

> wow! that was a long decom param id time! glad it worked it.

After several runs (5-7 hours each) with different parameters and conditions, it turns out that...