Andrew Case
``` Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script exec(script_code, namespace, namespace)...
From a file extracted from memory: ```Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501,...
```Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in __import__('pkg_resources').run_script('python-evtx==0.6.1', 'evtx_dump.py') File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 739, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1501, in run_script exec(script_code, namespace, namespace) File...
Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information. It parses a couple XML records before backtracing. ``` Traceback...
Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information: ```Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4, in...
Got this backtrace on a file pulled from memory during an investigation. Let me know if you need/want any more information: ``` Traceback (most recent call last): File "/usr/local/bin/evtx_dump.py", line 4,...
I was testing using scalpel as a library and looked at libscalpel_test.cpp as a base. I wanted to use the library in preview mode (just get the resulting audit.txt), but...
**Describe the bug** Running windows.handles on a memory sample that Volatility 2 supports fully causes a strange backtrace in Vol3: ``` # python3.8 vol.py -f data.lime windows.handles --pid 3704 Volatility...