Thanks for your suggestion. I did try hibr2bin.exe, that didn't work
either (error was: "Failed. Cannot open file. Please check if the file
is not being used")
The first page (4096 Byte) of the file is empty - but as far as I know
that shouldn't be a problem.
Christian
On 11/17/2010 02:40 PM, Johnathan Bridbord wrote:
Christian-
Perhaps try the following syntax:
#python volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
I recommend Matt's standalone windows executable hibr2bin from moonsol.
Thanks,
JB
Sent via BlackBerry by AT&T
-----Original Message-----
From: Christian Herndler <christian(a)herndler.com>
Sender: vol-users-bounces(a)volatilityfoundation.org
Date: Wed, 17 Nov 2010 08:55:24
To: <vol-users(a)volatilityfoundation.org>
Subject: [Vol-users] Problem converting hiberfil.sys
Hello,
I tried to convert a hiberfil.sys from WindowsXP SP0 German and get the
following error:
.
/volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
Traceback (most recent call last):
File "./volatility", line 219, in <module>
main()
File "./volatility", line 212, in main
modules[argv[1]].execute(argv[1], argv[2:])
File "/opt/Volatility/vmodules.py", line 62, in execute
self.cmd_execute(module, args)
File "/opt/Volatility/vmodules.py", line 1616, in hibinfo
hiberAS = WindowsHiberFileSpace32(fileAS,0,0)
File "/opt/Volatility/forensics/win32/hiber_addrspace.py", line 146,
in __init__
for i in range(0,EntryCount):
OverflowError: range() result has too many items
any ideas ?
Christian
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users