volatility

volatility copied to clipboard

I observed that in multiple files, PEP guidelines like max characters in a line, and EOF are missing. There are some more instances that can be enforced to follow PEP-8...

vybhav72954

Add fix for missing cookie value when using a Windows 10 profile

2

Use YARA and the DiscontigYaraScanner from malfind to find the address of nt!ObGetObjectType. Also put in a safeguard against TypeError when the nt!ObHeaderCookie value can't be obtained. Fixes #436.

oold

What is maximum size of memory volatility can analyze ?

1

I have had a digital forensics case when volatility can't analyze a ram image, it was 64 GB.

Rootlente

Linux memory dump gives error "No suitable address space mapping found"

5

I have a Linux Ubuntu x64 memory dump named "username_memory_dump.bin". I have installed volatility latest version and created custom profile for LinuxUbuntux64 as show below: ``` $ volatility --plugins=plugins/ --info...

krunal-dm

Hi, I run iehistory plugin on one memory dump from two different system (with same volatility version). But I get two different results. Where can the problem be?  

ymgh96

python vol.py -f Win10_17134.dmp --profile=Win10x64_17134 volshell >>> dt('_SEGMENT_HEAP') Traceback (most recent call last): File "", line 1, in File "/home/shx/volatility-master/volatility/plugins/volshell.py", line 382, in dt size = profile.get_obj_size(objct) File "/home/shx/volatility-master/volatility/obj.py", line...

hanxu-a

I'll try and keep it short. I am a massive novice with this sort of thing and I'm only doing this to try and find video-game files that were "unlocked"...

Eleiyas

Arm64

13

Hello! This merge request is addressing https://github.com/volatilityfoundation/volatility/issues/687 - adding arm64 linux support for volatility. I would be very happy to hear your comments on code and fix as needed. Most...

tsahee

I am creating a profile for volatility to analyze my image "ram-dump.lime" but I got following errors. I downloaded volatility using link https://github.com/tsahee/volatility.git -b arm64". When I run command "python2...

beena113

Plan to add NUMA support?

3

Hi, I am trying to analyze a Linux 2.6.28 memory dump. The kernel is built with CONFIG_DISCONTIGMEM=y. I get this error while trying to use "linux_find_file" plugin - "phys_addr_of_page: Unable...

JohCn