windows 10x64 19....
where can I get a profile for windows 10 19041?
Is Volatility producing broken/missing output using --profile=Win10x64_18362 ? If so, can you please paste the full command line input/output?
```
*** Failed to import volatility.plugins.registry.shutdown (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.getservicesids (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.timeliner (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.malware.servicediff (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.userassist (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.getsids (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.shellbags (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.evtlogs (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.shimcache (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.tcaudit (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.dumpregistry (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.lsadump (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.amcache (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.malware.svcscan (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.auditpol (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.registry.registryapi (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.envars (ImportError: No module named Crypto.Hash)
Type Callback Module Details
```
```
No suitable address space mapping found
Tried to open image as:
 MachOAddressSpace: mac: need base
 LimeAddressSpace: lime: need base
 WindowsHiberFileSpace32: No base Address Space
 WindowsCrashDumpSpace64BitMap: No base Address Space
 VMWareMetaAddressSpace: No base Address Space
 WindowsCrashDumpSpace64: No base Address Space
 HPAKAddressSpace: No base Address Space
 VirtualBoxCoreDumpElf64: No base Address Space
 VMWareAddressSpace: No base Address Space
 QemuCoreDumpElf: No base Address Space
 WindowsCrashDumpSpace32: No base Address Space
 SkipDuplicatesAMD64PagedMemory: No base Address Space
 WindowsAMD64PagedMemory: No base Address Space
 LinuxAMD64PagedMemory: No base Address Space
 AMD64PagedMemory: No base Address Space
 IA32PagedMemoryPae: No base Address Space
 IA32PagedMemory: No base Address Space
 OSXPmemELF: No base Address Space
 MachOAddressSpace: MachO Header signature invalid
 LimeAddressSpace: Invalid Lime header signature
 WindowsHiberFileSpace32: No xpress signature found
 WindowsCrashDumpSpace64BitMap: Header signature invalid
 VMWareMetaAddressSpace: VMware metadata file is not available
 WindowsCrashDumpSpace64: Header signature invalid
 HPAKAddressSpace: Invalid magic found
 VirtualBoxCoreDumpElf64: ELF Header signature invalid
 VMWareAddressSpace: Invalid VMware signature: 0x0
 QemuCoreDumpElf: ELF Header signature invalid
 WindowsCrashDumpSpace32: Header signature invalid
 SkipDuplicatesAMD64PagedMemory: No valid DTB found
 WindowsAMD64PagedMemory: No valid DTB found
 LinuxAMD64PagedMemory: Incompatible profile Win10x64_18362 selected
 AMD64PagedMemory: No valid DTB found
 IA32PagedMemoryPae: Incompatible profile Win10x64_18362 selected
 IA32PagedMemory: Incompatible profile Win10x64_18362 selected
 OSXPmemELF: ELF Header signature invalid
 FileAddressSpace: Must be first Address Space
 ArmAddressSpace: No valid DTB found
```
this is profile 18362
How was memory acquired? Can you paste the input to Volatility as well?
- DumpIT
- python vol.py -f /home/kali/Desktop/DESKTOP-GPT8KQF-20200528-202828.raw --profile=Win10x64_18362 callbacks > /home/kali/Desktop/api2.txt
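The two pastes above mix two unrelated failures: plugin import errors from a missing Python dependency (`Crypto.Hash`), and every address space rejecting the image under `--profile=Win10x64_18362`. As an added triage helper, not code from this issue or from the Volatility project, the script below parses output of that shape and separates the two; the sample text is a constructed excerpt of the pasted output and the hint wording is mine.

```python
import re

# Constructed excerpt mirroring the Volatility 2 output pasted in this issue.
SAMPLE_OUTPUT = """\
*** Failed to import volatility.plugins.registry.shutdown (ImportError: No module named Crypto.Hash)
*** Failed to import volatility.plugins.timeliner (ImportError: No module named Crypto.Hash)
No suitable address space mapping found
Tried to open image as:
 WindowsAMD64PagedMemory: No valid DTB found
 LinuxAMD64PagedMemory: Incompatible profile Win10x64_18362 selected
 AMD64PagedMemory: No valid DTB found
"""

IMPORT_RE = re.compile(r"\*\*\* Failed to import (\S+) \(ImportError: No module named (\S+)\)")
SPACE_RE = re.compile(r"^\s*(\w+): (.+)$")
PROFILE_RE = re.compile(r"Incompatible profile (\S+) selected")


def triage(output):
    """Separate the two independent failure classes in Volatility 2 stderr:
    plugin import errors (a missing Python dependency) and address-space
    errors (the image cannot be mapped with the selected profile)."""
    missing = {}   # module name -> plugins that failed to import because of it
    no_dtb = []    # address spaces that found no valid DTB with this profile
    for line in output.splitlines():
        m = IMPORT_RE.match(line)
        if m:
            missing.setdefault(m.group(2), []).append(m.group(1))
            continue
        m = SPACE_RE.match(line)
        if m and m.group(2) == "No valid DTB found":
            no_dtb.append(m.group(1))
    pm = PROFILE_RE.search(output)
    profile = pm.group(1) if pm else None

    hints = []
    if "Crypto.Hash" in missing:
        # The Crypto namespace comes from pycrypto; pycryptodome is its
        # maintained drop-in replacement and satisfies these plugins.
        hints.append("install pycryptodome (provides Crypto.Hash)")
    if no_dtb and profile:
        # Every paged address space failing to find a DTB means the kernel
        # structures do not match the profile: wrong build, not a bad image.
        hints.append("profile %s does not match this image's Windows build" % profile)
    return {"missing": missing, "no_dtb": no_dtb, "profile": profile, "hints": hints}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_OUTPUT).items():
        print(key, value)
```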
Please reference #720, I think Volatility will need to update newer Windows versions. But they are doing their work with Volatility 3, so you might have to wait quite long.