Re: [Vol-dev] A few questions
13 May
2008
13 May
'08
10:40 p.m.
Could you possibly provide us some information about
the system you are
running Volatility on? Version of Python? Hardware architecture
(64/32/bit)? OS? We are unable to generate the same error when
processing that image using Volatility 1.1.1.
Certainly!
~> uname -a
Linux 2.6.22 #2 SMP Sat Oct 27 21:21:34 EDT 2007 x86_64 GNU/Linux
~> cat /etc/debian_version
lenny/sid
~> python --version
Python 2.5.2
~> cat /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 67
model name : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
stepping : 3
cpu MHz : 2800.000
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 2
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext
fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm
extapic cr8_legacy
bogomips : 5605.06
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc
processor : 1
vendor_id : AuthenticAMD
cpu family : 15
model : 67
model name : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+
stepping : 3
cpu MHz : 2800.000
cache size : 1024 KB
physical id : 0
siblings : 2
core id : 1
cpu cores : 2
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 ht syscall nx mmxext
fxsr_opt rdtscp lm 3dnowext 3dnow pni cx16 lahf_lm cmp_legacy svm
extapic cr8_legacy
bogomips : 5602.55
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc
Let me know if there's anything else I can provide.
The 1.2 version was never officially released. It was
only made available
to users who were experiencing bugs with 1.1.1 or had feature requests.
We would be more than happy to send you an updated version, if are
interested. The next official release will be 1.3.
I would love to see the latest version you have and try it out on some
possible lab exercises. I'll report back any other bugs to help you
iron out your release if you like.
We would also be more than happy to provide
suggestions. What type of
audience are you expecting? Are you planning to do some kind of demo or
walk through an example scenario? There will also be a number of features
in Volatility 1.3 that they will find very interesting.
We expect some security-savvy folks to be at this training, but I can't
entirely sure. Our lab format is a set of units which start with a
short lecture and follows up with labs that lead students through a set
of specific commands to show them how to get at the data. The
workstations they use will be Linux-based and we have full control over
that environment, so we could use unstable versions of software if
needed, so long as the specific commands we give them to try work out.
If you are an IRC
user, you may also consider logging into the #volatility channel on
freenode. On that channel, you will find the developers of all the memory
analysis tools.
Great, just found the channel. Thanks.
tim