Re: [Vol-users] Something changed recently and now my Linux profiles don't work
8 Apr
2016
8 Apr
'16
9:48 a.m.
Thank you very much. :-)
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
https://github.com/volatilityfoundation/volatility/commit/429a160925b216f04…
:)
Thanks,
Andrew (@attrc)
On 04/07/2016 03:13 PM, Jim Clausing wrote:
Now my feature request, can we get PPID added to
the linux_pslist
output? :-)
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
I guess it really has been a long week. It turns
out that --info will
show the profiles if I use --plugins=~user/dir but the profile only
actually works if I use --plugins=/home/user/dir So, I guess problem
mostly solved. User error on my part. Return to your regularly
scheduled programming. (As I slink away in shame)
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
Sigh... Ignore that last e-mail (although that is
all the debug info
I get when it fails and, yes, I know I gave an invalid switch -m
should have been -f). I redid it copying and pasting the profile
name from the --info listing on the virgin system and it actually
does work, so my next move is to install (from github) the current
version on my actual production system and see if that fixes the
issues. Maybe the version from the SIFT repos is broken (that is
what was running on the system where I originally had the problem).
It has been a long week. :-/.
--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
> Hey,
>
> Can you run volatility with -dd set and send the output? If I can't
> figure out it from there I will take the memory sample and profile.
> Feel
> free to send debug output offline.
>
> Thanks,
> Andrew (@attrc)
>
> On 04/07/2016 12:27 PM, Jim Clausing wrote:
>> Gang,
>> I've googled it and saw some other discussion of the dreaded
>>
>> ERROR : volatility.debug : Invalid profile <blah> selected
>>
>> error. I'm trying to figure out what changed recently so that
>> profiles
>> that used to work for me, no longer work. I just did a fresh Ubuntu
>> 14.04.4 install and then installed volatility (and distorm3 via pip)
>> from github and I'm getting the error above. Note, this is the
>> current
>> release version, though I also have the problem with the version from
>> whatever repo SIFT uses. The profile actually came from SecondLook
>> and
>> worked just fine on a different Ubuntu system about 4 weeks ago, but
>> today it fails (on the system where it used to run), so I decided
>> to try
>> on this virgin system and get the same error. I'm at a loss, since
>> there are no other debugging messages to help me out with what
>> might be
>> the problem. I can provide the profile to anyone who needs it (and
>> probably a memory image, too, but that needs to be a little more
>> tightly
>> controlled) if that would help.
>>
>> --
>> Jim Clausing
>> GIAC GSE #26, CISSP
>> GPG Fingerprint = A507 774A 39D6 A702 9F7C 8808 3D13 77B8 AACD 848D
>> _______________________________________________
>> Vol-users mailing list
>> Vol-users(a)volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>
>
>