On Fri, Sep 12, 2008 at 10:01 AM, Jean-Francois Ragu <JFRAGU@fr.ibm.com> wrote:

Hi all,

Please, is it possible to examine hiberfil.sys file (extracted from a "dead" system) directly with volatility such as ?
   python volatility pslist -f c:\tmp\hiberfil.sys    => Error : Unable to locate valid DTB in Image

or do I have to convert it before in an other format ?

Thanks
Have a good weekend
:)

Best regards
Jean Francois



Sauf indication contraire ci-dessus:/ Unless stated otherwise above:
Compagnie IBM France
Siège Social : Tour Descartes, 2, avenue Gambetta, La Défense 5, 92400 Courbevoie
RCS Nanterre 552 118 465
Forme Sociale : S.A.S.
Capital Social : 542.737.118 euros
SIREN/SIRET : 552 118 465 02430


_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users