Hi folks,
Sorry for the short notice. We have 4 seats available for our Malware
and Memory Forensics Training class in Ottawa in February. Send me a
note if you're interested. It will probably be the only time we're in
Canada in 2015.
Cheers!
MHL
WARNING : volatility.obj : NoneObject as string: Pointer Owner invalid
I saw some people also having the same issues, but I am not seeing the fix anywhere. Suggestions?
Imagine my chagrin to find that the new volatility site contains exactly what I proposed below. Mea culpa for referencing old directions and code... :-/
For those that come after me, take a look at https://github.com/volatilityfoundation/volatility/wiki/Linux and specifically:
"You can find a repository of pre-built profiles at the volatilityfoundation/profiles Github."
Cheers,
Jesse
On Dec 29, 2014, at 7:32 PM, Jesse Bowling <jessebowling(a)gmail.com> wrote:
> Hello,
>
> Hoping someone on the list has a profile for CentOS 6.5 running a 2.6.32-431.17.1.el6.x86_64 kernel they wouldn't mind sharing... It's a non-standard thing for my environment, so I don't have a similar box to build from (and am hoping to save the time of building a machine just for this)...
>
> Tangential to this, are there any repositories of Volatility profiles for Linux? I noticed Ken Pryor’s Github repo which seems like a great idea (and platform) for this, however he only has a few Ubuntu versions and it doesn’t look like it’s been updated in a while...Any interest from the Volatility team in starting something similar (if it’s not already happening and I just don’t know about it)?
>
> Cheers,
>
> Jesse
Hi James,
I have updated timeliner to work with the new OpenPyxl API. Just for
reference, my install is from [1]. In addition to this, I have also
added xlsx output as a renderer for the unified output [2]. So you
should be able to get xlsx output from any plugin that has already been
converted. You can see which plugins have this support by using the
--help/-h switch. For example:
$ python vol.py -f mem.img pslist --help
[snip]
Module Output Options: dot, html, json, quicktext, sqlite, text, xlsx
[snip]
$ python vol.py -f mem.img pslist --output=xlsx --output-file=pslist.xlsx
All the best,
-Jamie
[1] https://pypi.python.org/pypi/openpyxl
[2]
https://github.com/volatilityfoundation/volatility/commit/c4a9a732c9411e7b0…
On 12/19/14 7:40 AM, James Lay wrote:
> On Fri, 2014-12-19 at 03:01 +0000, Jamie Levy wrote:
>> OpenPyxl just changed their API and it is no longer compatible. I am in the process of fixing the timeliner plugin to use the new API.
>>
>> Also, the excel output for psxview has already been converted to the new API.
>>
>> All the best,
>>
>> -Jamie
>>
>>
>>
>> ------Original Message------
>> From: James Lay
>> Sender: vol-users-bounces(a)volatilityfoundation.org
>> To: Volatility
>> ReplyTo: jlay(a)slave-tothe-box.net
>> Subject: [Vol-users] Trick to getting xlsx output
>> Sent: Dec 18, 2014 6:27 PM
>>
>> Hey all,
>>
>> Using 2.4...not able to get xlsx output...greeted with:
>>
>> Volatility Foundation Volatility Framework 2.4
>> ERROR : volatility.plugins.timeliner: You must install OpenPyxl for
>> xlsx format:
>> https://bitbucket.org/ericgazoni/openpyxl/wiki/Home
>>
>> My install method for volatility was download, extract, move to
>> /opt/volatility, and python vol.py from there.
>> My install method for openpyxl was:
>>
>> hg clone https://bitbucket.org/openpyxl/openpyxl
>> cd openpyxl
>> python setup.py build
>> sudo python setup.py install
>>
>> Is there anything else I need to check? I see a slew of items in:
>>
>> /usr/local/lib/python2.7/dist-packages/openpyxl-2.1.4-py2.7.egg/
>>
>> Thank you.
>>
>> James
>> _______________________________________________
>> Vol-users mailing list
>> Vol-users(a)volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>
>
> Awesome....looking forward to it...thank you.
>
> James
--
Jamie Levy (@gleeda)
Blog: http://volatility-labs.blogspot.com/
GPG: http://pgp.mit.edu/pks/lookup?op=get&search=0x196B2AB527A4AC92
Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
I have some processes listed in pslist and psscan that cannot be dumped using procdump by either the PID or the offset.
Are there other approaches that can be used to dump these processes? I'm not in front of a computer right now, but the error was something like "unable to parse the PEB".
I can get the exact error message later if it helps. All other plugins work just fine, so the memory image is not in question.
Dnardoni(a)gmail.com
Ciao Guys
I want to use Volatility to analyze Linux memory data. So I created a profile of that kernel and transferred it to the volatility directory on my computer. Now I want to run the plugins, but I cannot run any of them, as it throws various errors: in one case (pslist) there is no output; in other cases it says the command is not supported for this profile. Did anyone have the same experience?
Regards
Reza
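The two Linux-profile questions on this page (Jesse's request for a CentOS 6.5 profile, and Reza's plugins that error out or print nothing against a home-built one) come down to the same check: is the zip you point `--profile=` at actually a usable Volatility 2.x Linux profile, and was it built from the same kernel as the image? The script below is an added example written for this page; it is not code from Volatility, from the profiles repository, or from either poster. It assumes, from my reading of the 2.x loader, that a profile zip must hold one `System.map-<release>` and one `module.dwarf`, that the address width in System.map selects x86 versus x64, and that the registered profile name is `Linux` + the zip's basename + the arch. The required-symbol list and the `task_struct` check are my own heuristics, and the sample zip it builds is constructed data, not a real kernel's.

```python
"""Sanity-check a Volatility 2.x Linux profile zip before installing it.

Added example, not Volatility code.  Assumptions (my understanding of the
2.x loader): a zip with exactly one System.map-* and one module.dwarf,
arch chosen from the System.map address width, registered name
"Linux" + <zip basename without .zip> + <arch>.  Confirm the name with
`python vol.py --info | grep Linux` after installing the zip.
"""
import io
import zipfile

# Symbols the core Linux plugins resolve from System.map (init_task for
# linux_pslist, linux_banner for address-space validation).  Assumed list.
REQUIRED_SYMBOLS = ("init_task", "linux_banner")


def parse_system_map(text):
    """Map symbol name -> address; also return the widest address seen.
    A System.map line looks like:  ffffffff81a00000 D init_task"""
    symbols, width = {}, 0
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        addr, _kind, name = parts
        try:
            symbols[name] = int(addr, 16)
        except ValueError:
            continue
        width = max(width, len(addr))
    return symbols, width


def inspect_profile(zip_bytes, zip_name, expected_release=None):
    """Return a report dict; report["ok"] is False when the loader would
    skip the zip or a core plugin would likely fail against it."""
    problems = []
    report = {"zip": zip_name, "name": None, "arch": None,
              "kernel_release": None, "problems": problems, "ok": False}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        sysmaps = [n for n in names if "System.map" in n]
        dwarfs = [n for n in names if n.endswith(".dwarf")]
        if len(sysmaps) != 1:
            problems.append("expected exactly one System.map, found %d" % len(sysmaps))
        if len(dwarfs) != 1:
            problems.append("expected exactly one module.dwarf, found %d" % len(dwarfs))
        if problems:
            return report
        sysmap_text = zf.read(sysmaps[0]).decode("ascii", "replace")
        dwarf_text = zf.read(dwarfs[0]).decode("ascii", "replace")

    symbols, width = parse_system_map(sysmap_text)
    if not symbols:
        problems.append("System.map contains no parsable symbol lines")
    arch = "x64" if width > 8 else "x86"
    base = zip_name.rsplit("/", 1)[-1]
    if base.endswith(".zip"):
        base = base[:-4]
    report["name"] = "Linux" + base + arch
    report["arch"] = arch

    # The kernel release is only recoverable if the map kept its original name.
    fname = sysmaps[0].rsplit("/", 1)[-1]
    if fname.startswith("System.map-"):
        report["kernel_release"] = fname[len("System.map-"):]
    else:
        problems.append("System.map is not named System.map-<release>; "
                        "cannot check the kernel version")

    for sym in REQUIRED_SYMBOLS:
        if sym not in symbols:
            problems.append("System.map lacks symbol %s" % sym)
    if "task_struct" not in dwarf_text:
        problems.append("module.dwarf does not describe task_struct "
                        "(dwarfdump of the wrong module, or truncated)")
    rel = report["kernel_release"]
    if expected_release and rel and rel != expected_release:
        problems.append("profile is for %s but the image's kernel is %s"
                        % (rel, expected_release))
    if rel and (("x86_64" in rel and arch == "x86") or
                ("i686" in rel and arch == "x64")):
        problems.append("release %s disagrees with address width (%s)" % (rel, arch))
    report["ok"] = not problems
    return report


def build_sample_zip(release, bits, include_dwarf=True):
    """Constructed sample profile for demonstration; not a real kernel's data."""
    pad = 16 if bits == 64 else 8
    base = 0xffffffff81000000 if bits == 64 else 0xc1000000
    lines = ["%0*x D init_task" % (pad, base + 0x200),
             "%0*x R linux_banner" % (pad, base + 0x400),
             "%0*x T do_fork" % (pad, base + 0x600)]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("System.map-" + release, "\n".join(lines) + "\n")
        if include_dwarf:
            # A real module.dwarf is dwarfdump text; a fragment is enough here.
            zf.writestr("module.dwarf",
                        "DW_TAG_structure_type\n    DW_AT_name task_struct\n")
    return buf.getvalue()


if __name__ == "__main__":
    r = inspect_profile(build_sample_zip("2.6.32-431.17.1.el6.x86_64", 64),
                        "CentOS65.zip", expected_release="2.6.32-431.17.1.el6.x86_64")
    print(r["name"], r["arch"], "OK" if r["ok"] else r["problems"])
```

Run it against the zip before copying it into volatility/plugins/overlays/linux/, then confirm that the name it predicts is what `python vol.py --info` lists; pass the release string from the image's own `linux_banner` (or the `uname -r` of the box it was taken from) as `expected_release`. A release mismatch between the profile and the image's kernel is a common reason for pslist to print nothing while Volatility reports no error at all.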
We are excited to announce that on next Monday, December 15th, from
9AM-11AM PST, the Art of Memory Forensics authors will be doing an AMA
(Ask Me Anything) on Reddit's netsec.
This is a chance to ask us non-technical questions, comment on or ask
about the book, or anything else related to Volatility and memory
forensics.
The last book AMA on Reddit was for the Android Hacker's Handbook and it
went really well, with over 300 comments
(https://www.reddit.com/r/netsec/comments/27zdxc/android_hackers_handbook_ama).
We are hoping to have ours be big as well, so please try to attend
and spread the word!
--
Thanks,
Andrew (@attrc)