Tim,
Thanks for the email. We are always excited to help people get involved
with the project. Contributions are always encouraged and appreciated!

However, I have run into a problem. I'm trying to get familiar with
the tools using the Windows XP images available in:
http://www.cfreds.nist.gov/mem/memory-images.rar

Sorry you have caught us in the midst of a transition. We will soon be
releasing a lot of new functionality with Volatility 1.3. I believe the
error message you are getting has been fixed in the upcoming release. If
you are interested, we can send you a newer version from 1.2 branch to
test.
Could you possibly provide us some information about the system you are
running Volatility on? Version of Python? Hardware architecture
(64/32/bit)? OS? We are unable to generate the same error when processing
that image using Volatility 1.1.1.

Since I'm running Volatility 1.1.1, I'd guess that this may have already
been fixed in 1.2.* or 1.3.*. I've read through all of the mailing list
archives and scoured your project site, but I can't seem to find those
newer versions for download. Perhaps I'm just totally missing
something. Could someone point me in the right direction to get the
latest version? SVN or other development repository would be fine, I
don't mind messing with bleeding edge stuff.

The 1.2 version was never officially released. It was only made available
to users who were experiencing bugs with 1.1.1 or had feature requests. We
would be more than happy to send you an updated version, if you are
interested. The next official release will be 1.3.

The second reason for my post is that I'll be giving an introductory
training course on incident response and digital forensics next month,
and I had considered introducing students to Volatility and other memory
analysis tools. Do you folks have suggestions as to which features of
Volatility would be the best to showcase in that type of setting?

We would also be more than happy to provide suggestions. What type of
audience are you expecting? Are you planning to do some kind of demo or
walk through an example scenario? There will also be a number of features
in Volatility 1.3 that they will find very interesting. If you are an IRC
user, you may also consider logging into the #volatility channel on
freenode. On that channel, you will find the developers of all the memory
analysis tools.
Thanks,
AW