volatility
An advanced memory forensics framework
I just installed volatility 2.6 on Ubuntu 16.04 64-Bit, created a profile, and did a memory dump with lime. On trying to analyze it I am trying to get info...
Hi! This PR aims to bring the support of a new address space based on virtual machine introspection. ping @asabellico since she looked at the issue I opened a...
Hi, I am analyzing the windows 10 memory dump using "Win10x64_17763" and noticed some of the volatility plugins such as cmdscan, consoles don't work for windows 10. Wondering, if...
In [linux.py](https://github.com/volatilityfoundation/volatility/blob/master/volatility/plugins/overlays/linux/linux.py), an invalid zip file is ignored. Instead, a Warning should be generated, or as per the comment, an exception should be generated. This behavior led to hours of...
https://github.com/volatilityfoundation/volatility/blob/703b29be247c17f63c844590102495c19826ccec/volatility/plugins/linux/pslist.py#L81 Should a judgment be added to the dtb variable?
This PR adds the ability to read compressed pages within Windows 10 memory captures by introducing a new address space. Additional plugins are provided to help demonstrate the capability, register...
Latest version cloned with git today. I tried using the yarascan plugin a few times with the -Y switch, providing the "text" I am looking for. No results. So I tried...
Note: `Win10x64_14393` is the correct profile for this memory sample. ``` $ python vol.py -f Windows\ 10\ x64-c4aa8f1b.vmem --profile=Win10x64_14393 psscan Volatility Foundation Volatility Framework 2.6 Offset(P) Name PID PPID PDB...
Hi all. Been working with Volatility for a decent amount of time now, pretty familiar with how it is supposed to work but I would still consider myself wet behind...
I generated a crash dump on Windows 10 OS build 18362.900, and Volatility does not recognize the profile. This is the output for `imageinfo`: `Volatility Foundation Volatility Framework 2.6.1` `INFO...