Andrew Case

Results 145 comments of Andrew Case

Can you copy/paste the process you used to generate the profile? Can you also run the following and paste the result? $ strings -a "path to memory sample" | grep...

> @atcuno I had the same problem. > > ``` > ./vol.py --info | grep Linux > Volatility Foundation Volatility Framework 2.6.1 > LinuxUbuntu1404x64 - A Profile for Linux Ubuntu1404...

For Volatility 3, we are looking into supporting more flexible and varying options for ways for people to get the data structures included. We will likely have a module.c equivalent,...

That sounds great @gilanghamidy ! We are actively experimenting with different approaches to Linux profile support in Volatility 3, so your tool could definitely be useful in our experiments. You...

Hey, That is strange. What is the profile you are using?

@swepeba fmem is an extremely old and unsupported tool. It also is extremely hard to get right. Could you please use a different acquisition method and see if you have...

@mathcrosp Was the Volatility profile built on the system where the capture was taken? Also, if you acquired from a VM with Lime could you please re-acquire? It often has...

Volatility is routinely used to analyze samples of 64GB, 128GB, and beyond. If you can give some more specifics, such as: - Version of Volatility used - Acquisition method used...

It looks like you don't have permission to read the file:

```
FileAddressSpace - EXCEPTION: [Errno 13] Permission denied: 'C:\\Users\\...\\volatility\\MEMORY.DMP'
```

What is the size of the crash dump? Are complete dumps configured?