Hello Jean-Francois,
You can try the Sandman Framework
http://www.msuiche.net/
Download
http://sandman.msuiche.net/release/SandMan-BHUSA2008-Demos.zip
Try running hib2mem.exe (hibernation 2 Memory dump)
Have a nice day,
Sébastien
Sorry for English readers, French to English:
http://babelfish.yahoo.com/ :-)
On Fri, Sep 12, 2008 at 10:01 AM, Jean-Francois Ragu <JFRAGU(a)fr.ibm.com> wrote:
Hi all,
Please, is it possible to examine a hiberfil.sys file (extracted from a
"dead" system) directly with Volatility, such as:
python volatility pslist -f c:\tmp\hiberfil.sys => Error : Unable to
locate valid DTB in Image
or do I have to convert it to another format first?
Thanks
Have a good weekend
:)
Best regards
Jean Francois
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users