Andrew Case
Could you please do a git pull from master and then: git checkout -b bitmap_crashdumps and then re-run analysis. Please let me know the results while running on this branch.
Is Volatility producing broken/missing output using --profile=Win10x64_18362 ? If so, can you please paste the full command line input/output?
How was memory acquired? Can you paste the input to Volatility as well
Can you please paste the full Volatility command line input and output? Can you also verify that you are using the latest source code checkout from GitHub?
Please run: python vol.py -f /home/kali/Desktop/MEMDUMP/User/MEMORYtest.DMP --profile=Win10x64_17134 kdbgscan and paste the full results. Also, please ensure you use the latest master branch checkout.
Yes, you installed the latest Volatility source correctly. In order to help verify that the capture is stable, could you please perform the following and report the full results: 1)...
@ipptac Could you please paste the output from WinDbg !process ?
@ipptac Can you also please run the crashinfo plugin of Volatility with --profile=Win10x64_ 18362 set (assuming 64bit, change to Win10x86_ 18362 if 32bit)
> It does not recognise that profile (I have assumed the whitespace was a typo). I am running the latest version of volatility 2.6.1
>
> I have also...
@ipptac @eightymg after you git pull to be up-to-date with master, please do: git checkout -b bitmap_crashdumps and then re-run Volatility and let me know if you get better results.