Hello guys,
I'm trying to use Volatility through Firewire, but actually it's not
working.
My investigator PC runs Ubuntu Linux Ubuntu 12.04
I'm using the New (JuJu) Firewire stack compiled into kernel and I
also installed forensic1394.
My Firewire Bus is up and connected to a Firewire Bus on a target
win7 system (4GB memory),
I can successfully dump the memory with another tool called
'inception'.
However, output only says:
vol# python vol.py -l firewire://forensic1394/0
--profile=Win7SP1x64 modules
Volatility Foundation Volatility Framework 2.3.1
No suitable address space mapping found
Tried to open image as:
MachOAddressSpace: mac: need base
LimeAddressSpace: lime: need base
WindowsHiberFileSpace32: No base Address Space
WindowsCrashDumpSpace64: No base Address Space
HPAKAddressSpace: No base Address Space
VirtualBoxCoreDumpElf64: No base Address Space
VMWareSnapshotFile: No base Address Space
WindowsCrashDumpSpace32: No base Address Space
AMD64PagedMemory: No base Address Space
IA32PagedMemoryPae: No base Address Space
IA32PagedMemory: No base Address Space
FileAddressSpace: Location is not of file scheme
ArmAddressSpace: No base Address Space
What I am doing wrong?
Thank you!
--
Sebastian