ikelos

If a plugin has a sanity check that says data's definitely wrong, then we can add either a format type hint, or another BaseAbsentValue type. There's a way of achieving...

From the original author: I wonder why is that no equivalents to the impscan and psxview plugins in the python 3 version of volatility , if there's any i deeply...

Might be ones of interest to @iMHLv2 ?

No problem, thanks for working on this! We'll leave this open, and keep an eye on it to see when it's done... 5:)

The problem we have with returning partial results is that we need to let the user know that they were partial results, which means the UI needs to know what's...

Sure, there's no rush! 5:) You're right it doesn't really make the distinction to the user, but it was more intended for developers to be aware. It is really as...

Hiya, could you rerun it with at least `-vvvv` please? That should tell us what the automagic's doing and why it's not succeeding...

Ok, so it has stacked the intel layer, so it's during the hunt for the kernel offset that it's having difficulty. You said that volatility 2 ran it ok, could...

Hmmmm, 0x1ad002 is pretty strange, the DTB (should) always start on a page boundary, which I suspect is why there's no problem using it for vol2. The kernel's also loaded...

The other option is to create a json file as follows: ``` { "primary.class": "volatility.framework.layers.intel.WindowsIntel32e", "primary.kernel_virtual_offset": 272702373990400, "primary.memory_layer.class": "volatility.framework.layers.physical.FileLayer", "primary.memory_layer.location": "file:/path/to/memory.raw", "primary.page_map_offset": 1757186 } ``` And see whether that works?...