(I definitely have the reply I sent hours ago in my 'Sent Items', but maybe
the Internet ate it. Anyway...)
Just to add to what MHL said, I notice your error concerns fileparam.py,
which is odd.
It should be present:
/path/to/volatility$ find -type f -name fileparam.py
./volatility/plugins/fileparam.py
In case MHL's suggestion doesn't fix it, can you find the fileparam.py file?
Where did you get your copy of 2.4 from?
Might be worth grabbing it again from github.
Bridgey
Is zeusscan deprecated in version 2.4?
Volatility Foundation Volatility Framework 2.4
ERROR : volatility.plugins.fileparam: The requested file doesn't exist
As mentioned earlier this week, we have extended the deadline for the 2014
Volatility Plugin Contest until October 1st because an organization wanted
to augment the prizes. We are excited to share that due to an extremely
generous donation from Facebook, the total cash prizes have been doubled
from $2250 USD to $4500 USD!
If you have already submitted to the contest, you can use this extra time
to fine tune your submission or submit another entry to improve your
chances. If you were considering submitting, you now have an extra month
to demonstrate your creativity, become a memory analysis pioneer, win the
admiration of your peers, and give back to the community!
It’s great to see some of the largest companies in the world showing their
support for and giving back to the memory forensics community! Thank you,
Facebook, and good luck to all participants in the contest - the stakes
have literally just doubled!
AAron Walters
The Volatility Foundation
Despite the fact we have already surpassed the number of submissions to
last year’s contest, we are excited to announce that we have extended the
deadline for the 2014 Volatility Plugin Contest until October 1st, 2014.
We received a number of inquiries from people who recently learned about
the competition when they purchased “The Art of Memory Forensics” and an
exciting new competition sponsor (more details next week) that wanted to
further augment our prizes.
If you have already submitted to the contest, you can use this extra time
to fine-tune your submission. If you were considering submitting, you now
have an extra month to demonstrate your creativity and implement an
innovative, interesting, and useful Volatility extension! It’s great to
see some of the largest companies in the world showing their support for
and giving back to the memory forensics community!
AW
The Volatility Foundation
This is the 2nd of 3 videos that we showed at Black Hat Arsenal this year:
http://volatility-labs.blogspot.com.au/2014/08/volatility-24-at-blackhat-ar…
This video takes you through using Volatility to automatically find,
extract, and analyze a rootkit with both kernel and userland components.
--
Thanks,
Andrew (@attrc)
We (the Volatility team) recently released Volatility 2.4 at Black Hat
Arsenal in Vegas. To drive the demonstrations, MHL made 3 videos showing
off interesting features of the framework. The first of these, Tracking
Mac OS X User Activity, is now publicly available:
http://volatility-labs.blogspot.com/2014/08/volatility-24-at-blackhat-arsen…
We will be releasing the rest over the next several weeks. Please send
us any feedback you may have on the videos, and we hope you enjoy the
new features of 2.4!
--
Thanks,
Andrew (@attrc)
The "imagecopy" plugin in Volatility 2.4 does not decompress hiberfil.sys
files from Windows 8 machines, at least in the tests that I have tried. In
most cases, I'm getting identical files out, which means that the
hiberfil.sys wasn't translated into a native physical address space, which
suggests it's not supported? I have also tried using the Moonsols Windows
Memory Toolkit which claims to support Windows 8, but that software seems
to fail as well.
Has anybody had any luck with uncompressing a Windows 8 hiberfil.sys file?
Is there any other tool I can use to accomplish this?
TIA
The 2.4 edition of our popular Volatility cheat sheet is released! It
features an updated Windows page, all new Linux and Mac OS X pages, and
an extremely handy RTFM-style insert for Windows memory forensics.
http://volatility-labs.blogspot.com/2014/08/new-volatility-24-cheet-sheet-w…
Please let us know if you have any questions with the new plugins, and
we hope that you are putting 2.4 to good use ;)
--
Thanks,
Andrew (@attrc)
vol-users,
Registration has officially opened for the 6th Annual Open Memory
Forensics Workshop (OMFW) 2014. This half-day workshop will be held prior
to the 2014 Open Source Digital Forensics Conference (OSDFC) in Herndon,
VA, USA, on November 4, 2014.
"OMFW is the only digital forensics workshop focused on providing a venue
for the most advanced digital investigators. It is intended for those
people who realize that the only real defense against a creative technical
human adversary is a creative technical human analyst. No shady vendors
trying to describe how they re-implemented open source tools or boisterous
trainers attempting to discuss topics they only superficially understand.
This is your opportunity to learn directly from an international cadre of
pioneering researchers and practitioners who have been shaping the field
of memory analysis since its inception. Through a series of invited talks
you will have the opportunity to engage this exciting community."
We are still accepting presentations from people who are performing
innovative memory analysis research or from people who have interesting
case studies where memory forensics provided a critical component of the
investigation. If you are interested in participating, please contact us.
Submissions are due no later than October 1, 2014.
This year's workshop will also present the results of The 2nd Annual
Volatility Framework Plugin Contest! If you are interested in presenting
at the conference, submitting a contest entry is another option. Selected
contestants may be asked to present their work at the workshop and have it
featured on the Volatility Labs Blog. All contest submissions are due by
September 1, 2014.
To learn more about the workshop, read testimonials of previous attendees,
and find out what makes OMFW so unique, please visit the workshop website:
http://www.volatilityfoundation.org/#!2014/cwat
Details about the location will be provided upon registration.
Pre-registration is required and space is LIMITED, so register early.
Please note that it will NOT be possible to register at the door.
Registration closes on October 24, 2014.
Reserve your seat by contacting: info [at] volatilityfoundation [dot] org.
Thanks,
AAron Walters
The Volatility Foundation