Hi Folks,
Sorry you only seem to hear from me about once a year, but I got fired up
over Joe's & Andrew's Forensic Summit presentations and resolved to try out
the new stuff in the Linux & Mac branches. Unfortunately I don't seem to have
gotten very far with it. I've got the scudette branch installed on a SIFT Kit VM, and
have successfully used LiME to dump memory from it. I've also successfully created a
profile for the SIFT Kit's 2.6.31-23-generic kernel, using json I successfully dumped
from module_dwarf.ko. I even tried the live /dev/pmem memory interface you get when you
load up the pmem.ko module. When I attempt to run Volatility , here's what happens...
root@SIFT-Workstation:~/Desktop/linux_Volatility/lin64-support# python vol.py
The Volatility Memory Forensic Framework technology preview (3.0_tp1).
NOTE: This is pre-release software and is provided for evauation only. Please
check at
http://volatility.googlecode.com/ for officially supported versions.
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License.
>> session.filename = "/dev/pmem"
>> session.profile_file = "myprofile.zip"
>> session.profile = "Linux32"
>> vol (plugins.pslist)
ERROR:root:Fatal Error: cannot fit 'long' into an index-sized integer
ERROR:root:Fatal Error: cannot fit 'long' into an index-sized integer
ERROR:root:Failed running plugin pslist: kernel_address_space not specified.
ERROR:root:Error: 'NoneType' object has no attribute 'name'
Traceback (most recent call last):
  File "<console>", line 1, in <module>
  File "/home/sansforensics/Desktop/linux_Volatility/lin64-support/volatility/session.py", line 292, in vol
    self.last = super(InteractiveSession, self).vol(*args, **kwargs)
  File "/home/sansforensics/Desktop/linux_Volatility/lin64-support/volatility/session.py", line 154, in vol
    ui_renderer.start(plugin_name=result.name, kwargs=kwargs)
AttributeError: 'NoneType' object has no attribute 'name'
>>
Am I doing something brain-damaged?
Thanks
John
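A worked example, added here and not part of John's post or of the LiME or Volatility projects: a small parser for the LiME dump format John used (each segment is a packed 32-byte header of uint32 magic 0x4C694D45 "LiME", uint32 version, uint64 start and end physical address and 8 reserved bytes, followed by the segment's bytes), run over a constructed two-segment image with one segment above the 4 GiB line, plus a helper that reproduces CPython's "cannot fit ... into an index-sized integer" message so you can see the condition that produces it (a sequence index larger than the platform's index type). The sample dump, the function names and the helper are this example's own assumptions; it does not assert what went wrong in the session above.

```python
import struct
import sys

# LiME segment header (lime.h): uint32 magic, uint32 version, uint64 s_addr,
# uint64 e_addr, uint8 reserved[8]; packed, little-endian on x86.
LIME_MAGIC = 0x4C694D45          # the bytes "LiME" read as a little-endian uint32
LIME_HEADER = struct.Struct("<IIQQ8s")


def parse_lime_segments(data):
    """Walk a LiME dump and return [(s_addr, e_addr, payload_offset), ...].

    Segments are contiguous in the file: each header is immediately followed
    by (e_addr - s_addr + 1) bytes of physical memory, and the gaps between
    segments (unmapped physical ranges) are simply not present in the file.
    """
    segments = []
    off = 0
    while off < len(data):
        if off + LIME_HEADER.size > len(data):
            raise ValueError("truncated LiME header at offset %d" % off)
        magic, version, s_addr, e_addr, _reserved = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError("bad LiME magic 0x%08x at offset %d" % (magic, off))
        if version != 1:
            raise ValueError("unsupported LiME header version %d" % version)
        if e_addr < s_addr:
            raise ValueError("segment end below start at offset %d" % off)
        size = e_addr - s_addr + 1
        payload = off + LIME_HEADER.size
        if payload + size > len(data):
            raise ValueError("segment at offset %d runs past end of file" % off)
        segments.append((s_addr, e_addr, payload))
        off = payload + size
    return segments


def read_physical(data, segments, paddr, length):
    """Translate a physical address into a file offset and read up to
    `length` bytes (clipped at the segment end); None if paddr is in a gap."""
    for s_addr, e_addr, payload in segments:
        if s_addr <= paddr <= e_addr:
            avail = min(length, e_addr - paddr + 1)
            start = payload + (paddr - s_addr)
            return data[start:start + avail]
    return None


def highest_address(segments):
    """Highest physical address present in the dump; above 0xFFFFFFFF means
    the image cannot be described with 32-bit physical addresses."""
    return max(e_addr for _s, e_addr, _p in segments)


def index_error_message(value):
    """Use `value` as a bytes index and return the IndexError text CPython
    produces, or None if indexing succeeds. Indices above sys.maxsize give
    the "cannot fit ... into an index-sized integer" wording."""
    try:
        b"\x00"[value]
    except IndexError as exc:
        return str(exc)
    return None


def build_sample_dump():
    """Constructed sample (not a real capture): a 256-byte segment at 0x1000
    holding the byte values 0..255, and a 256-byte segment of 0xAA at 4 GiB."""
    seg1 = LIME_HEADER.pack(LIME_MAGIC, 1, 0x1000, 0x10FF, b"\0" * 8) + bytes(range(256))
    seg2 = LIME_HEADER.pack(LIME_MAGIC, 1, 0x100000000, 0x1000000FF, b"\0" * 8) + b"\xAA" * 256
    return seg1 + seg2


if __name__ == "__main__":
    dump = build_sample_dump()
    segs = parse_lime_segments(dump)
    for s_addr, e_addr, payload in segs:
        print("segment 0x%016x-0x%016x at file offset %d" % (s_addr, e_addr, payload))
    print("highest address 0x%x, fits 32 bits: %s"
          % (highest_address(segs), highest_address(segs) <= 0xFFFFFFFF))
    print("sys.maxsize on this interpreter: %d" % sys.maxsize)
    print("indexing with sys.maxsize + 1 ->", index_error_message(sys.maxsize + 1))
```

The parser refuses truncated or out-of-order segments rather than silently returning partial results, which is the behaviour you want before trusting any address translation built on top of the dump.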