I experienced one odd thing; when using the env variable
VOLATILITY_LOCATION, volatility complains that "No suitable address space
mapping found", however when the file is specified on the command line, all
is well. Output below:
root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 psscan
Volatile Systems Volatility Framework 2.1_rc1
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ------------------ -------------------- --------------------
No suitable address space mapping found
Tried to open image as:
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
JKIA32PagedMemory: No base Address Space
JKIA32PagedMemoryPae: No base Address Space
IA32PagedMemoryPae: Module disabled
IA32PagedMemory: Module disabled
FileAddressSpace: Location is not of file scheme
root@Forensic-1:/case2/mem# echo $VOLATILITY_LOCATION
/case2/mem/myimage.vmss
root@Forensic-1:/case2/mem# unset VOLATILITY_LOCATION
root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 psscan
Volatile Systems Volatility Framework 2.1_rc1
ERROR : __main__ : Please specify a location (-l) or filename (-f)
root@Forensic-1:/case2/mem# vol.py --dtb=0x187000 -f myimage.vmss psscan
Volatile Systems Volatility Framework 2.1_rc1
Offset(P) Name PID PPID PDB Time created Time exited
------------------ ---------------- ------ ------ ------------------ -------------------- --------------------
0x0000000006107040 System 4 0 0x0000000000187000 2012-04-12 07:14:16
0x0000000006139b30 residentagent. 1248 1132 0x0000000128a0e000 2012-04-12 07:16:03
0x00000000061ba900 msdtc.exe 2164 484 0x00000001199a8000 2012-04-12 07:16:37
<snip>
On Mon, Jul 16, 2012 at 9:45 AM, Michael Hale Ligh <michael.hale(a)gmail.com> wrote:
Hey everyone,
The 2.1 RC1 downloads are now available [1]. Per the usual, there are zip
and tar archives of the source code, a windows module installer, and a
standalone windows executable (with python and all dependencies
built-in). We ask that you test vigorously over the next 2 weeks,
especially with any x64 images, and let us know via the issue tracker [2]
if you run into any bugs. At the end of July, we'll announce the official
release of 2.1.
Also, a lot of the documentation [3] has been updated, including the FAQ,
command reference, features by plugin matrix, and roadmap, so that may be a
useful resource to you when using 2.1.
Thank you very much!
[1] http://code.google.com/p/volatility/downloads/list
[2] http://code.google.com/p/volatility/issues/list
[3] http://code.google.com/p/volatility/w/list
--
Jesse Bowling