It turns out I am just impatient! I waited at least ten minutes and nothing. However, to answer your question:

Vol.py -f /cases/memdump.mem imageinfo > 1.imaginfo

I do it this way so I know what modules I've run and in which order.

Thanks, Michael.



Regards,

Lee Armet | Senior Investigator, Forensic Technology Services | Global Security & Investigations | TD Bank Group
T: (416) 982-6855 | M: (647) 242-0002

 
From: Michael Hale Ligh [mailto:michael.hale@gmail.com]
Sent: Tuesday, August 14, 2012 12:24 PM
To: Armet, Lee
Cc: Vol-users@volatilesystems.com <Vol-users@volatilesystems.com>
Subject: Re: [Vol-users] Problem with 2.2_alpha
 
Armet, 

What was your full command line used to produce the hang? If you'd like to try an older version of volatility, that would be a good idea as well - the 2.1 and 2.0 releases are available here: http://code.google.com/p/volatility/downloads/list

Thanks,
MHL

On Tue, Aug 14, 2012 at 11:22 AM, Armet, Lee <Lee.Armet@td.com> wrote:
I imaged a live Win7 32-bit system (3 GB) just now with both ftkimager and winen, and when I try to analyse the RAM, vol just hangs and hangs.

The memory acquisition seemed to complete without error.

Should I use an older version of vol?




_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilesystems.com/mailman/listinfo/vol-users