Re: [Vol-users] Problem converting hiberfil.sys
by Christian Herndler
Thanks for your suggestion. I did try hibr2bin.exe, that didn't work
either (error was: "Failed. Cannot open file. Please check if the file
is not being used")
The first page (4096 Byte) of the file is empty - but as far as I know
that shouldn't be a problem.
Christian
On 11/17/2010 02:40 PM, Johnathan Bridbord wrote:
> Christian-
>
> Perhaps try the following syntax:
>
> #python volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
>
> I recommend Matt's standalone windows executable hibr2bin from moonsol.
>
> Thanks,
> JB
> Sent via BlackBerry by AT&T
>
> -----Original Message-----
> From: Christian Herndler <christian(a)herndler.com>
> Sender: vol-users-bounces(a)volatilityfoundation.org
> Date: Wed, 17 Nov 2010 08:55:24
> To: <vol-users(a)volatilityfoundation.org>
> Subject: [Vol-users] Problem converting hiberfil.sys
>
> Hello,
>
> I tried to convert a hiberfil.sys from WindowsXP SP0 German and get the
> following error:
>
> .
> /volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
> Traceback (most recent call last):
> File "./volatility", line 219, in <module>
> main()
> File "./volatility", line 212, in main
> modules[argv[1]].execute(argv[1], argv[2:])
> File "/opt/Volatility/vmodules.py", line 62, in execute
> self.cmd_execute(module, args)
> File "/opt/Volatility/vmodules.py", line 1616, in hibinfo
> hiberAS = WindowsHiberFileSpace32(fileAS,0,0)
> File "/opt/Volatility/forensics/win32/hiber_addrspace.py", line 146,
> in __init__
> for i in range(0,EntryCount):
> OverflowError: range() result has too many items
>
> any ideas ?
>
> Christian
> _______________________________________________
> Vol-users mailing list
> Vol-users(a)volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
13 years, 11 months
- 3
- 3
Problem converting hiberfil.sys
by Christian Herndler
Hello,
I tried to convert a hiberfil.sys from WindowsXP SP0 German and get the
following error:
.
/volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
Traceback (most recent call last):
File "./volatility", line 219, in <module>
main()
File "./volatility", line 212, in main
modules[argv[1]].execute(argv[1], argv[2:])
File "/opt/Volatility/vmodules.py", line 62, in execute
self.cmd_execute(module, args)
File "/opt/Volatility/vmodules.py", line 1616, in hibinfo
hiberAS = WindowsHiberFileSpace32(fileAS,0,0)
File "/opt/Volatility/forensics/win32/hiber_addrspace.py", line 146,
in __init__
for i in range(0,EntryCount):
OverflowError: range() result has too many items
any ideas ?
Christian
13 years, 12 months
- 1
- 0