On Thursday, 23 June 2016, 13:49:58, Klaus Möller wrote:
Hi,
I've a problem with an image from a Microsoft Surface tablet.
I've verified that the OS is Windows 10 Pro 64Bit,
After a few more hours, here's the "output" from netscan:
$ vol.py --tz=CET --profile=Win10x64 -f /srv/evidence/memdump.mem --kdbg=0xf8033ca31a14 netscan
Volatility Foundation Volatility Framework 2.5
Offset(P)       Proto  Local Address   Foreign Address   State   Pid   Owner  Created
? 2016-06-06 18:03:41 CEST+0200 *:* 512
?
0xe0008817c4c0  UDPv4  0.0.0.0:0       *:*                       980   ?j?    2016-06-15 08:13:14 CEST+0200
0xe0008817c4c0  UDPv6  :::0            *:*                       980   ?j?    2016-06-15 08:13:14 CEST+0200
0xe00088d67c90  UDPv6  ::1:16528       *:*                       1168  ??q?   2016-06-15 14:19:21 CEST+0200
0xe00089d8f330  UDPv4  0.0.0.0:0       *:*                       980   ?j?    2016-06-16 12:32:29 CEST+0200
0xe00089d8f330  UDPv6  :::0            *:*                       980   ?j?    2016-06-16 12:32:29 CEST+0200
? 2016-06-06 18:03:41 CEST+0200 *:* 512
?
? 2016-06-06 18:03:41 CEST+0200 *:* 512
?
? 2016-06-06 18:03:41 CEST+0200 *:* 512
?
Same problems here: the command takes hours to complete and the output
strings are garbled.
Best regards,
Klaus Möller, DFN-CERT
--
Dipl. Inform. Klaus Moeller (Consulting Analysis Training Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556
DFN-CERT Services GmbH,
https://www.dfn-cert.de/, Phone +49 40 808077-555
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski