Peter B

icon indicating a website link dingard.se

icon company Dingard AB icon location Sweden icon location Digital Forensics, IT Security and programming. That's what I do.

Results 6 comments of Peter B

Error for profile 19041

No, both hivelist and hivescan are empty... Maybe something wrong in the profile from the Volatility project, because when using Volatility3 and windows.registry.hivelist.HiveList on the same memory dump it works...

Error for profile 19041

Yes. All the other plugins work with the same profile. Since hivelist and hivescan do not work either I suppose it might be some problems inside the 19041 profile definition.

Ability to change how byte results are displayed

Maybe a luxury thing, but I must say I am really missing the extra information of process name and PID associated with each search hit. Wouldn't it be great to...

Ability to change how byte results are displayed

@ikelos Thanks for the tip and extra information about the project! `vadyarascan` works perfect for my need. I will take a look on the rich clients you mention as well.

Guide for creating a Windows profile for Win10 19042?

@kidrek: My idea was to use the profile downloaded by Volatility 3 to get the values and then translate it to Volatility 2. I started to change the values in...

Guide for creating a Windows profile for Win10 19042?

@Beercow: Wow, thanks a lot for the steps! It worked just great! Remember to name the `dump.txt` to the build version you generate the vtypes from, e.g. `win10_x64_19043_1348_vtypes.py`. Then add...