Re: [Vol-users] Troubleshooting vmsn image
2 Apr
2013
2 Apr
'13
9:22 a.m.
No problem I will get the output of those commands to you both today, after I have my
coffee :)
Sent from my iPad
On Apr 2, 2013, at 4:10 AM, Michael Hale Ligh <michael.hale(a)gmail.com> wrote:
Hey guys,
Unfortunately I haven't seen any data to help me understand what's going on.
David, can I bother you for some information? If you've already sent it to Nir, feel
free to just forward (or Nir if you have it, please send).
1) Output of "vol.py --profile=PROFILE -f FILENAME psscan -d -d -d"
2) Output of "vol.py --profile=PROFILE -f FILENAME pslist -d -d -d"
3) Output of "vol.py --profile=PROFILE -f FILENAME kdbgscan"
4) A hexdump of the first 512 bytes of the file. If you're on linux just "xxd
FILENAME -l 512 > DUMP.TXT"
Given those details, we should be able to get a good idea of what's going on.
Thanks for your help!
Michael
On Tue, Apr 2, 2013 at 4:47 AM, nir izraeli <nirizr(a)gmail.com> wrote:
Hi,
Going over the output I can't see why is the VMSN file AS is being rejected.
It used to state the exception thrown when --debug is on, what am I missing?
On Tue, Apr 2, 2013 at 7:19 AM, Michael Hale Ligh <michael.hale(a)gmail.com> wrote:
> Hey guys,
>
> Is this issue still open? Please let me know so we can make time to investigate it if
necessary.
>
> Thanks!
> Michael
>
>
> On Wed, Mar 20, 2013 at 9:33 AM, nir izraeli <nirizr(a)gmail.com> wrote:
>> Thanks,
>>
>> looking forward for your reply :)
>>
>>
>> On Wed, Mar 20, 2013 at 3:18 PM, david nardoni <dnardoni(a)gmail.com> wrote:
>>> I will get you all those details today, except the full snapshot. I can not
share that
>>>
>>> Happy to run whatever you need and provide output
>>>
>>> Sent from my iPhone
>>>
>>> On Mar 20, 2013, at 3:31 AM, nir izraeli <nirizr(a)gmail.com> wrote:
>>>
>>>> Hi Dave,
>>>>
>>>> a few questions if you don't mind,
>>>> what's the VM version (vmware has numbered versions for their file
formats, you can usually look it up in the VM's properties)?
>>>> could you share the output of psscan?
>>>> what other plugins you've tried running? could you share the output?
>>>> will it be possible to upload the VMware snapshot somewhere so i could
look into it?
>>>>
>>>> Thanks,
>>>> - Nir.
>>>>
>>>>
>>>>
>>>> On Tue, Mar 19, 2013 at 2:31 AM, david nardoni <dnardoni(a)gmail.com>
wrote:
>>>>> I think I have some issues with a 8+gb VMware snapshot. I can get
>>>>> psscan and thrdscan output but no other output from other plugins.
>>>>>
>>>>> Any suggestions from the group on troubleshooting the image.
>>>>>
>>>>> Fyi I can see all the data when I view it in hbgary responder pro.
>>>>>
>>>>> Thanks
>>>>>
>>>>> Dave
>>>>>
>>>>> Sent from my iPhone
>>>>> _______________________________________________
>>>>> Vol-users mailing list
>>>>> Vol-users(a)volatilityfoundation.org
>>>>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>
>>
>> _______________________________________________
>> Vol-users mailing list
>> Vol-users(a)volatilityfoundation.org
>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
Attachments:
- attachment.html (text/html — 5.7 KB)