Re: [Vol-users] Something changed recently and now my Linux profiles don't work
7 Apr
2016
7 Apr
'16
4:13 p.m.
Now my feature request, can we get PPID added to the linux_pslist output?
:-)
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
I guess it really has been a long week. It turns out
that --info will show
the profiles if I use --plugins=~user/dir but the profile only actually works
if I use --plugins=/home/user/dir So, I guess problem mostly solved. User
error on my part. Return to your regularly scheduled programming. (As I
slink away in shame)
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
Sigh... Ignore that last e-mail (although that is
all the debug info I get
when it fails and, yes, I know I gave an invalid switch -m should have been
-f). I redid it copying and pasting the profile name from the --info
listing on the virgin system and it actually does work, so my next move is
to install (from github) the current version on my actual production system
and see if that fixes the issues. Maybe the version from the SIFT repos is
broken (that is what was running on the system where I originally had the
problem). It has been a long week. :-/.
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
Hey,
Can you run volatility with -dd set and send the output? If I can't
figure out it from there I will take the memory sample and profile. Feel
free to send debug output offline.
Thanks,
Andrew (@attrc)
On 04/07/2016 12:27 PM, Jim Clausing wrote:
Gang,
I've googled it and saw some other discussion of the dreaded
ERROR : volatility.debug : Invalid profile <blah> selected
error. I'm trying to figure out what changed recently so that profiles
that used to work for me, no longer work. I just did a fresh Ubuntu
14.04.4 install and then installed volatility (and distorm3 via pip)
from github and I'm getting the error above. Note, this is the current
release version, though I also have the problem with the version from
whatever repo SIFT uses. The profile actually came from SecondLook and
worked just fine on a different Ubuntu system about 4 weeks ago, but
today it fails (on the system where it used to run), so I decided to try
on this virgin system and get the same error. I'm at a loss, since
there are no other debugging messages to help me out with what might be
the problem. I can provide the profile to anyone who needs it (and
probably a memory image, too, but that needs to be a little more tightly
controlled) if that would help.
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users