volatility

volatility copied to clipboard

My project is to analyze Android RAM physical dump acquired using LiME tool. I am trying to acquire the image from a long time but no luck. For analysis I...

beena113

Hi! I am trying to use the `linux_process_stack` plugin (this one https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/linux/process_stack.py). The environment is a Linux machine with Ubuntu 18.04. I am wondering, is this plugin is still maintained?...

tregua87

I create this issue to inform the community that a version of Volatility 2.x compatible with Python3.6+ is available here : https://github.com/koromodako/volatility It is not Volatility3 obviously and does not...

koromodako

The getkcore.c PoC didn't work with KASLR enabled, this commit fixes the bug. It finds the RAM regions in kcore by using program header's physical addresses instead of using the...

v14dz

I am having errors locating my dump file Location of the dump file according to pwd: /home/kali/volatility/volatility/plugins/overlays/linux Command I am trying: ./volatility --plugins=/home/kali/volatility/plugins/overlays/linux -f machine3.final.dump --profile=LinuxCentOS_3_10_0-1127_el7_x86_64_profilex64 linux_pslist My teacher told...

yendle

Cuckoo on Ubuntu VM - AddrSpaceError: No suitable address space mapping found

4

Hello, I've correctly configured Volatility 2.5 to work with Cuckoo 2.0.7 on Ubuntu host. Memory dump works with Windows guest. I added an Ubuntu guest VM on cuckoo and I...

sandyboxy

The netscan plugin does no longer work on Windows version 18363: addresses and ports of UDP listening are incorrect. Solution: Change offsets in volatility/plugins/overlays/windows/tcpip_vtypes.py. ATTENTION: I am using the profile...

mikevsunny

The struct proc_dir_entry is used in the plugin linux_check_fop. The struct was defined in module.c only in kernel versions greater than 3.13, causing an error when running linux_check_fop on systems...

liamnesson0111

Support for Windows 10 build 19041

8

I am using Windows 10 build 19041 I read a couple issue and found that this version of windows is not officially supporter with volatility 2.6.1. I lack the ability...

psc2350

filescan doesn't work

1

I have this error when I perform a filescan or a psscan: python vol.py -f Desktop_cs3.raw --profile=Win10x64_17763 filescan Volatility Foundation Volatility Framework 2.6.1 Offset(P) #Ptr #Hnd Access Name ------------------ ------...

D4M0N1979