My final assignment for a digital forensics class has me exploring the
capabilities of Volatility for memory review of a Linux system.
I have since learned about LiME (Linux Memory Extractor) and about
Volatility's own kernel module, pmem.ko, which appears to provide
faster memory capture than LiME.
The assignment initially had us visiting the
volatilityfoundation.org web page,
which only had versions up through 2.1. Additional searching revealed
active work on
code.google.com, which also says Linux support is part
of 2.2.
So, I obtained version 2.2, and am getting very mixed results.
I am using an out-of-the-box version of Ubuntu 10.04 32-bit, with some
updates to bring Python up to date, in a VMware Player 4.0.4 VM.
In my trials thus far, I can get some results from:

    python ./vol.py connscan -f /path/to/memory.img

I've pretty much gone through many of the options provided by

    python ./vol.py -h

and usually end up with the error:
"No suitable address space mapping found
Tried to open image as:"
Various Google searches, and reading the Volatility page, really
seem to indicate the code is still very Windows-oriented.
Am I missing something? I'd like to get some decent results, if possible.
I also tried an SVN update, but that most recent version yielded an
immediate Python error on vol.py.
Thanks for any insights.
Scott
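Added example, not part of Scott's post or of Volatility or LiME: before blaming the framework for "No suitable address space mapping found", it is worth checking what format the image actually is in. A LiME capture is not a flat physical image; it is a sequence of 32-byte segment headers (magic 0x4C694D45, version, start and end physical address, 8 reserved bytes, all little-endian, as I understand the LiME format; that layout is an assumption here) each followed by that segment's bytes, and a plugin that assumes a raw dump will read garbage. The script below detects the LiME layout, lists the segments, and translates a physical address to a file offset the way a LiME-aware address space has to. The sample image is constructed inline.

```python
import struct

# Assumed LiME segment header layout (32 bytes, little-endian):
#   uint32 magic = 0x4C694D45 ("EMiL" on disk), uint32 version,
#   uint64 start physical address, uint64 end physical address (inclusive),
#   8 reserved bytes. Each header is followed by (end - start + 1) bytes of RAM.
LIME_MAGIC = 0x4C694D45
LIME_HEADER = struct.Struct("<IIQQ8s")


def lime_segments(data):
    """Parse LiME segment headers out of an in-memory image.

    Returns a list of dicts {start, end, offset, version}, where offset is the
    file offset of the segment's first data byte. An empty list means the
    image does not begin with a LiME header (e.g. a raw dump from pmem or dd).
    A truncated segment raises ValueError rather than being silently accepted.
    """
    segments = []
    off = 0
    while off + LIME_HEADER.size <= len(data):
        magic, version, start, end, _ = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            break  # first header mismatch -> not LiME; later mismatch -> trailing junk
        if end < start:
            raise ValueError("LiME header at offset %d has end < start" % off)
        payload = off + LIME_HEADER.size
        length = end - start + 1
        if payload + length > len(data):
            raise ValueError("truncated LiME segment at file offset %d" % off)
        segments.append({"start": start, "end": end,
                         "offset": payload, "version": version})
        off = payload + length
    return segments


def phys_to_file_offset(segments, paddr):
    """Map a physical address to its file offset, or None if it falls in a
    hole between segments (memory LiME did not capture, e.g. MMIO ranges)."""
    for seg in segments:
        if seg["start"] <= paddr <= seg["end"]:
            return seg["offset"] + (paddr - seg["start"])
    return None


def describe_image(data):
    """Human-readable summary of the detected format."""
    segs = lime_segments(data)
    if not segs:
        return "raw image (no LiME header): treat as a flat physical dump"
    lines = ["LiME image, %d segment(s):" % len(segs)]
    for seg in segs:
        lines.append("  phys 0x%x-0x%x at file offset 0x%x"
                     % (seg["start"], seg["end"], seg["offset"]))
    return "\n".join(lines)


def build_sample_image():
    """Constructed two-segment LiME image (sample data, not a real capture):
    4 KiB at 0x1000 holding a 0..255 byte pattern, then 256 bytes of 0xAA
    at 0x10000, leaving a hole in between."""
    seg1 = bytes(bytearray(range(256))) * 16
    seg2 = b"\xAA" * 256
    img = LIME_HEADER.pack(LIME_MAGIC, 1, 0x1000, 0x1FFF, b"\0" * 8) + seg1
    img += LIME_HEADER.pack(LIME_MAGIC, 1, 0x10000, 0x100FF, b"\0" * 8) + seg2
    return img


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample_image()
    print(describe_image(data))
```

Run it against the real dump (`python lime_check.py /path/to/memory.img`); if it reports a raw image, the LiME segment address space is the wrong choice, and if it reports segments, a plugin that only understands flat files will fail in exactly the way described above.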