Re: [Vol-users] Trouble using certain commands on Win7SP1x64 memory dump
18 Apr
2014
18 Apr
'14
11:43 a.m.
Hi Jon,
You have to use the 'netscan' plugin for Windows 7. Those other plugins
only work for Windows XP and 2003.
All the best,
-Jamie
On 4/16/2014 5:20 PM, Jon Q wrote:
Good afternoon,
I'm having a bit of trouble using Volatility for memory forensics with
the goal of malware detection. I've captured a memory dump of a Windows
7 SP1 x64 machine using winpmem_1.5.5.exe and am using the 2.3.1
standalone variant of Volatility on a Windows 7 SP1 x64 machine. When i
issue commands such as 'connections' , 'connscan' , 'sockets' i
get the
error "This command does not support the profile Win7SP1x64." I've also
tried Volatility Standalone 2.3 and 2.2. Any explanation would be
greatly appreciated. Thanks!
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
--
Jamie Levy (@gleeda)
Blog: http://volatility-labs.blogspot.com/
GPG: http://pgp.mit.edu/pks/lookup?op=get&search=0x196B2AB527A4AC92
Fingerprint: 2E87 17A1 EC10 1E3E 11D3 64C2 196B 2AB5 27A4 AC92
Attachments:
- 0x27A4AC92.asc (application/pgp-keys — 2.2 KB)