Members of the list,
I have been attempting to recover some unsaved files from a hiberfil.sys from a Windows 7
system. It is from a laptop, which I'm pretty sure is running Home Premium 32-bit.
I use an XP system to run the standalone version of Volatility. Using
'volatility -f hiberfil.sys --profile=Win7SP0x86 imageinfo' I get:

    Suggested Profile(s) : No suggestion (Instantiated with Win7SP0x86)
               AS Layer1 : IA32PagedMemoryPae (Kernel AS)
               AS Layer2 : WindowsHiberFileSpace32 (Unnamed AS)
               AS Layer3 : FileAddressSpace (I:\hfr\hiberfil.sys)
                PAE type : PAE
                     DTB : 0x0L
       KUSER_SHARED_DATA : 0xffdf0000L
Using 'volatility -f hiberfil.sys --profile=Win7SP1x86 hibinfo' I get:

    Volatility Foundation Volatility Framework 2.3.1
    PO_MEMORY_IMAGE:
     Signature: HIBR
     SystemTime: 1970-01-01 00:00:00 UTC+0000

    Control registers flags
     CR0: 00000000
     CR0[PAGING]: 0
     CR3: 00000000
     CR4: 00000000
     CR4[PSE]: 0
     CR4[PAE]: 0

    Windows Version is -.- (-)
Other modules seem to hang, or produce no results.
I thought I must have a bad file, but I got it from the right place, and changing the name
or location doesn't seem easy enough that an OEM would do it.
I thought I might be using the tool wrong, but it seems I can get it working better with
four out of the five NIST samples linked from the
code.google.com/p/volatility/wiki
website.
I'm wondering if I'm trying to do something Volatility doesn't support yet, or if I am
simply making a mistake.
Thanks,
andybellman(a)outlook.com
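An added triage script, written for this reply and not part of the original post or of the Volatility project, for looking at what is actually in the first page of a hiberfil.sys before spending time on profiles: the four-byte signature, the PageSize field and the SystemTime FILETIME that hibinfo prints. The field offsets (0x00, 0x14, 0x20) are my assumption of the 32-bit XP/Vista/7 PO_MEMORY_IMAGE layout as Volatility 2.x models it and should be checked against the vtypes of the profile you use; the sample pages are constructed, and reading an uppercase "HIBR" as a newer, differently laid out header is a heuristic rather than a verified fact.

```python
import struct
from datetime import datetime, timedelta, timezone

PAGE_SIZE = 4096
# Assumption: offsets of the 32-bit XP/Vista/7 PO_MEMORY_IMAGE header as modelled
# by Volatility 2.x. Verify against your profile's hibernate vtypes before trusting them.
OFF_SIGNATURE = 0x00
OFF_PAGESIZE = 0x14
OFF_SYSTEMTIME = 0x20

# FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Timestamp used for the constructed sample header below (not from any real dump).
SAMPLE_TIME = datetime(2013, 5, 6, 12, 0, tzinfo=timezone.utc)


def filetime_to_datetime(ft):
    """Convert a FILETIME to an aware datetime. A zero FILETIME is reported as None;
    Volatility's WinTimeStamp prints that same zero as 1970-01-01 00:00:00."""
    if ft == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def datetime_to_filetime(dt):
    """Inverse of filetime_to_datetime, used only to build constructed samples."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def triage_header(page):
    """Classify the first page of a hiberfil.sys and extract the fields hibinfo reports,
    so a wiped or foreign header is recognised before a long plugin run."""
    if len(page) < PAGE_SIZE:
        return {"verdict": "file shorter than one page; not a hibernation file"}
    sig = page[OFF_SIGNATURE:OFF_SIGNATURE + 4]
    result = {"signature": sig.decode("latin-1")}
    if not any(page):
        result["verdict"] = ("first page is all zeros: header wiped (typical after a resume); "
                             "nothing for hibinfo to parse")
        return result
    if sig == b"hibr":
        result["verdict"] = "lowercase hibr: XP/Vista/7-style image; a Win7 x86 profile should parse it"
    elif sig.lower() == b"wake":
        result["verdict"] = "wake: the system resumed from this file and invalidated the header"
    elif sig == b"HIBR":
        # Heuristic, not confirmed by this script: uppercase signatures belong to a newer
        # header layout whose fields sit at other offsets, so the values below are suspect.
        result["verdict"] = "uppercase HIBR: heuristic, likely a newer (post-Win7) header layout"
    else:
        result["verdict"] = "unknown signature: no hibernation header at offset 0"
    (result["page_size"],) = struct.unpack_from("<I", page, OFF_PAGESIZE)
    (raw_time,) = struct.unpack_from("<Q", page, OFF_SYSTEMTIME)
    result["system_time"] = filetime_to_datetime(raw_time)
    return result


def make_sample_header(signature, system_time=None):
    """Constructed sample page (not a real dump) laid out at the assumed offsets."""
    page = bytearray(PAGE_SIZE)
    page[OFF_SIGNATURE:OFF_SIGNATURE + 4] = signature
    struct.pack_into("<I", page, OFF_PAGESIZE, PAGE_SIZE)
    if system_time is not None:
        struct.pack_into("<Q", page, OFF_SYSTEMTIME, datetime_to_filetime(system_time))
    return bytes(page)


def triage_file(path):
    """Read just the first page of a real hiberfil.sys and triage it."""
    with open(path, "rb") as fh:
        return triage_header(fh.read(PAGE_SIZE))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(triage_file(sys.argv[1]))
    else:
        # Three constructed cases: a parseable Win7-style header, a header with an
        # uppercase signature and zero SystemTime (what the post shows), and a wiped page.
        print(triage_header(make_sample_header(b"hibr", SAMPLE_TIME)))
        print(triage_header(make_sample_header(b"HIBR")))
        print(triage_header(bytes(PAGE_SIZE)))
```

Run it against the real file (for example `python hibtriage.py I:\hfr\hiberfil.sys`). A zero SystemTime is exactly what comes out of hibinfo as 1970-01-01, and an all-zero or "wake" header means Windows invalidated the file on resume, in which case no profile choice will make the kernel address space come up.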