Hello Volatility Devs,
I'm currently a student in a Digital Forensics class. We have used your
wonderful tool to do memory dumps. We now have a project to contribute to
an open source project. I was wondering if there was anything that I could
contribute to the Volatility project. My strong point isn't in programming,
but I have had an introduction to it. I don't know if there's any
documentation you'd like to have updated, or whatever. I look forward to a
response.
Warm Regards,
*Joel Anderson*
Brigham Young University - April 2014
Masters of Information Systems Management
(208) 570-7253

Hey Guys,
I've been waiting patiently while drooling for the new 2.3 release since October. I have several old cases where all I have is a memory image, and I'd like to be able to go back and dump out the registry hive files for manual examination. I keep checking back, but there's still no sign of dumpfiles being committed to the source repository. Does anyone have a good idea of when 2.3 is really likely to come out, and whether dumpfiles will actually be included?
If it's not coming soon, would there be any chance of getting a prerelease copy for testing? I'd be happy to send back debug info for any cases where it's broken.
Thanks much
John McCash

Hi,
I am looking at the linux_tmpfs plugin and have a problem that I think is
related to Windows. The problem happens when I try to extract tmpfs files.
I'm not a Python programmer but it seems to be related to str vs the String
module.
If I patch tmpfs.py and I convert the "String" module into str, everything
works as expected:
new_file = os.path.join(parent, str(name))
(https://code.google.com/p/volatility/source/browse/trunk/volatility/plugins…)
Here's my error with tmpfs.py r3097:
H:\Volatility\Volatility2.3SVN-3070>python vol.py -f Evo4GRodeo.lime --profile=LinuxEvo4Gx86 linux_tmpfs -S 1 -D app-cache
Volatile Systems Volatility Framework 2.3_alpha
WARNING : volatility.obj : Overlay structure tty_struct not present in vtypes
WARNING : volatility.obj : Overlay structure cpuinfo_x86 not present in vtypes
Traceback (most recent call last):
  File "vol.py", line 186, in <module>
    main()
  File "vol.py", line 177, in main
    command.execute()
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\common.py", line 57, in execute
    commands.Command.execute(self, *args, **kwargs)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\commands.py", line 111, in execute
    func(outfd, data)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 177, in render_text
    for (i, path) in data:
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 160, in calculate
    self.walk_sb(root_dentry)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 108, in walk_sb
    self.process_directory(root_dentry, parent = cur_dir)
  File "H:\Volatility\Volatility2.3SVN-3070\volatility\plugins\linux\tmpfs.py", line 72, in process_directory
    new_file = os.path.join(parent, name)
  File "H:\Python27\lib\ntpath.py", line 73, in join
    elif isabs(b):
  File "H:\Python27\lib\ntpath.py", line 57, in isabs
    s = splitdrive(s)[1]
  File "H:\Python27\lib\ntpath.py", line 125, in splitdrive
    if p[1:2] == ':':
TypeError: 'String' object has no attribute '__getitem__'
Is there something I can do to correct the problem from my side or should I
open an issue on Google Code?
Regards,
Sebastien