ikelos

Thanks for the additional information @No-Github. It looks as though despite the banner and the isfinfo both being in place, volatility isn't finding the isf's banner in the memory image....

Just as an update to this, we've now got an image whose banner gets detected, but pslist doesn't provide any output and doesn't indicate that the profile is bad in...

I think someone else on the community slack has run into this issue. Here's the lines that look relevant from the output: ``` # python3 vol.py -vvvv -f /tmp/dump.mem linux.bash.Bash...

@atcuno Have you had any time to investigate this?

Yep, I've got the sample we were originally sent.

I'm afraid not @oxnan, we don't know for certain what's causing the problem. I'd imagine that the ISF files aren't accurate for some reason. The one sample we had I...

@oxnan it looks as though your version isn't able to find an appropriate ISF JSON file for the image you're running against. That is a different issue, and I'd recommend...

It should, and I'm surprised they haven't worked. I don't think the Qemu layer is relevant, but you can always eliminate it from the equation using the `layerwriter`. Also, you...

Hmmmm, just one thing to check (and this will hopefully be going away soon, depending on #630) but the linux ISF files must be under `symbols/linux` and similarly mac ones...

Hi there, there isn't support for anything like that at the moment, for now you'll need a copy you can edit and then alter the following lines: https://github.com/volatilityfoundation/volatility3/blob/develop/volatility3/framework/constants/__init__.py#L17 We do...