ikelos

Results 573 comments of ikelos

Yes please! We're always happy to review contributions! I can't say whether it'll get included, but at least if there's a PR people may find it. If you could put...

Hi @resposo, Thanks for your questions, I'll hopefully be able to clarify them a little for you: 1. Volatility 3 takes raw memory images (often referred to as memory...

For Windows there is a `memmap` plugin that might be able to nicely give you the allocated/unallocated memory map. The `strings` plugin also goes through determining which parts of memory...

Hi, Volatility 3 doesn't read PDB files directly, they need converting into JSON, but Volatility should have found a Windows signature and generated it automatically *if* you were providing a...

I've just pushed a new commit (`9edf33b7`) that should improve debugging output with `-vvvvvvv` to tell you why the crashdump format isn't supported.

Sorry, some of that was a slight mistake on my part, you should probably give it another go, the error above was likely from attempting to stack the 32-bit crash...

Commit `8dbc64f4` should function better (and hopefully will tell you why it's not happy) (the "bad magic" messages are from the Elf and XenCore stackers, so can be safely ignored).

Yep, this is just a partial crashdump, as indicated by `unsupported dump format 0x6`. Volatility doesn't support partial crashdumps because we can't know what has and hasn't been included. There...

Thanks, that's not quite enough to go on, please include the output with at least 3 vs (so `vol.py -vvv ...`). Also, please let us know how you acquired the...

Hi there, so the swap support should work, but is very likely under-tested. Windows stores swap in multiple different locations, and can have up to 15 different swap locations. Those...