Re: [Vol-users] Help with Volatility on Linux

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hiya Scott, You have to provide a profile in order to let volatility know you're dealing with a linux system. Volatility 2.2 assumes that if you don't specify a profile you're dealing with a Windows XP system. "python vol.py -h" won't tell you about linux plugins if it thinks you're dealing with a windows system because we've got too many plugins to make the output useful. You can list all the profiles you install of volatility knows about by running "python vol.py --info". If you don't have an Ubuntu profile, you may have to make your own. Instructions for making a profile for linux can be found at [1]. Once you have your profile made, you can tell volatility to use it, by always including "--profile=Linux<yourprofilename>" in your volatility command line. You can then use "python vol.py -h" to see all the available linux plugins. Please let us know how you get on and if you're still having problems making use of the linux support in volatility 2.2... Mike 5:) [1] http://code.google.com/p/volatility/wiki/LinuxMemoryForensics