So here's what I got, all... an image of a laptop running Windows 7 64-bit... the image was captured using DumpIt in an admin console:
Determining profile based on KDBG search...
Suggested Profile(s) : Win7SP0x64, Win7SP1x64, Win2008R2SP0x64, Win2008R2SP1x64
AS Layer1 : AMD64PagedMemory (Kernel AS)
AS Layer2 : FileAddressSpace (/home/jlay/Forensics/FMCCOMBS-20141203-153133.raw)
PAE type : No PAE
DTB : 0x187000L
KDBG : 0x1b430010a0
Number of Processors : 1
Image Type (Service Pack) : 1
KPCR for CPU 0 : 0xfffff80003002d00L
KUSER_SHARED_DATA : 0xfffff78000000000L
Image date and time : 2014-12-03 15:31:47 UTC+0000
Image local date and time : 2014-12-03 08:31:47 -0700
Running "python vol.py -f ~/Forensics/FMCCOMBS-20141203-153133.raw --profile Win7SP1x64 pslist" gets me:
Offset(V) Name PID PPID Thds Hnds Sess Wow64 Start Exit
0xfffffa800694ab30 System 4 0 141 -1 1191132111 0 2014-12-01 15:40:49 UTC+0000
0xfffffa800ae934f0 ?b?_?b?_?b?_?b?_ 1606836934 1606836934 1606836934 -1 -1 1 -
And that's it. Any hints on just why this isn't showing any processes?
Volatility version is 2.4 running on Ubuntu 14 64-bit. Thank you.
James
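A plausibility check that can be run over pslist text output like the rows quoted above, as an added example (not part of the post and not Volatility's own code); the sample rows are constructed from the post's values, and the PID/session bounds are heuristics I assume, not Volatility constants:

```python
import re

# Constructed sample shaped like the pslist rows quoted above; the values are
# copied from the post's wrapped output, the column spacing is mine.
SAMPLE_PSLIST = """\
Offset(V)          Name   PID PPID Thds Hnds Sess Wow64 Start Exit
0xfffffa800694ab30 System 4 0 141 -1 1191132111 0 2014-12-01 15:40:49 UTC+0000
0xfffffa800ae934f0 ?b?_?b?_?b?_?b?_ 1606836934 1606836934 1606836934 -1 -1 1 -
"""

# One pslist row: offset, name, five signed counters, Wow64 flag, then the
# free-form Start/Exit timestamps.
ROW_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(\S+)" + r"\s+(-?\d+)" * 5 + r"\s+(\d+)\s*(.*)$")

# Heuristic bounds (my assumptions, not Volatility constants).
MAX_PID = 1 << 20      # Windows PIDs are small multiples of 4 in practice
MAX_SESSION = 256      # session ids are tiny integers, -1 when there is none

def check_row(line):
    """Return the reasons a row looks like a misread _EPROCESS (empty if it looks sane)."""
    m = ROW_RE.match(line)
    if not m:
        return ["row does not parse"]
    _offset, name, pid, ppid, thds, _hnds, sess, wow64, _times = m.groups()
    pid, ppid, thds, sess, wow64 = map(int, (pid, ppid, thds, sess, wow64))
    reasons = []
    if "?" in name or not name.isprintable():
        reasons.append("image name has undecodable bytes")
    for label, value in (("PID", pid), ("PPID", ppid)):
        if not 0 <= value <= MAX_PID or value % 4:
            reasons.append(f"{label} {value} is not a plausible Windows PID")
    if pid and pid == ppid:
        reasons.append("PID equals PPID")
    if pid and pid == ppid == thds:
        reasons.append("PID, PPID and thread count are identical")
    if not -1 <= sess <= MAX_SESSION:
        reasons.append(f"session id {sess} is implausible")
    if wow64 not in (0, 1):
        reasons.append("Wow64 flag is not 0/1")
    return reasons

def suspicious_rows(pslist_text):
    """Map each flagged data row's offset to its list of reasons (sane rows are omitted)."""
    flagged = {}
    for line in pslist_text.splitlines():
        if not line.startswith("0x"):
            continue          # header, separator and blank lines
        reasons = check_row(line)
        if reasons:
            flagged[line.split()[0]] = reasons
    return flagged

if __name__ == "__main__":
    for offset, reasons in suspicious_rows(SAMPLE_PSLIST).items():
        print(offset, "->", "; ".join(reasons))
```

On the sample both rows are flagged: the second for its undecodable name and identical out-of-range PID/PPID/thread values, and even the System row for its absurd session id, which is the kind of signal that the structure being walked is not being read as the profile expects.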