Hi Jason,
I think you sent this only to me by mistake :-) I'm forwarding this
to the list so others can respond to you.
As for other OS's, there's been some discussion related to this
recently on the users list you can check out too:
http://lists.volatilityfoundation.org/pipermail/vol-users/2010-January/thre…
But yes, you should be able to extend Volatility to include other OS's.
All the best,
-Jamie
---------- Forwarded message ----------
From: Jason Reynolds <JReynolds(a)pathwayforensics.com>
Date: Wed, Jan 6, 2010 at 5:13 PM
Subject: RE: [Vol-dev] Re: Vol-dev Digest, Vol 14, Issue 1
To: Jamie Levy <jamie.levy(a)gmail.com>
Hi All,
A similar question to John's, but also a little different --
Is there a place where the format of RAM allocation and DTB's are
documented, or is the best documentation simply disassembling the
associated operating system?
I am curious to know if additional OS's could be easily added to
Volatility. If there is sufficient documentation on the OS it should
be relatively simple to write a parser.
Thanks in advance.
Hi John,
You can check out the entire branch like so:
svn checkout http://volatility.googlecode.com/svn/branches/Volatility-1.4_beta1/ volatility
All the best,
-Jamie
> Date: Wed, 6 Jan 2010 09:02:15 -0500
> From: "McCash John-GKJN37" <john.mccash(a)motorola.com>
> Subject: RE: [Vol-dev] Possible Volatility Bug
> To: "Mike Auty" <mike.auty(a)gmail.com>
> Cc: vol-dev(a)volatilityfoundation.org
> Message-ID:
> <D8DFDF3C534B344B9A266EB03CC828BB049270A3(a)de01exm71.ds.mot.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Mike,
> I'm running the version pulled from SVN this morning, 1.3.1
> (08.09.2009). How would I list the candidate DTB addresses? The way I
> found out about this problem originally was to just email Peter the
> error from memorize. He instantly recognized the problem. Also, how
> would I get the 1.4 branch to try out? Apologies for the dumb questions.
> I'm reasonably bright, but I only use this thing about once every four
> months.
> Thanks lots
> John
Mike,
I'm running the version pulled from SVN this morning, 1.3.1
(08.09.2009). How would I list the candidate DTB addresses? The way I
found out about this problem originally was to just email Peter the
error from memorize. He instantly recognized the problem. Also, how
would I get the 1.4 branch to try out? Apologies for the dumb questions.
I'm reasonably bright, but I only use this thing about once every four
months.
Thanks lots
John
-----Original Message-----
From: Mike Auty [mailto:mike.auty@gmail.com]
Sent: Wednesday, January 06, 2010 7:48 AM
To: McCash John-GKJN37
Subject: Re: [Vol-dev] Possible Volatility Bug
Hiya John,
First off could you please specify which version of volatility you're
using (whether you're using a tarball, or the sources from subversion)?
Also, whilst I can't comment too well on the 1.3 branch, I don't think
Windows 2003 is supported, I believe it's mostly aimed at XP SP2.
Having said that, it is possible to manually specify a DTB in the 1.4
branch using --dtb and in the 1.3 branch using -b (although for 1.3 this
is probably plugin dependent).
I'll leave it to someone who's been working with Volatility longer to
give you a more in-depth answer once you let us know which version you
were using, but hopefully this'll let you work around the problem for a
bit... 5:)
Mike 5:)
Hey Folks,
I was just reading Gleeda's blog & CEIC presentation,
and was interested to discover that Volatility modules had been written
for Linux and Vista. Now I'm wondering why these modules haven't shown
up anywhere I can see them, including in the public view of the SVN
repository. After digging for a bit, I did see that they (or at least a
modified version of the Linux ones) have apparently been incorporated
into the Pyflag distribution, but that just caused me more confusion. If
they're stable enough to release as part of Pyflag, why aren't they in
the public Volatility repository?
Also, are you expecting to release an 'official' update
anytime soon? The last update available from the main Volatility page is
still 1.3_Beta. Is there some defined list of fixes or features that has
to be ready before an 'official' 1.3 version is released? Or has that
been bypassed, so that current work is really going toward 1.4? Maybe a
roadmap section would make a good addition to the main Volatility page.
I'm sure there are a lot of people who would be interested in what's
going on.
Thanks much (Sorry if I sound like I'm
ranting, you guys really have done some awesome work!)
John
----------------------------------------------------------
Quis custodiet ipsos custodes?... I do!