So was the fix just to switch to lime format or did you also need the
patch? This will help us keep better documentation for future bug reports.
Also, is there a reason you need the raw sample? If you are looking for
a sample without any metadata, the best version would be 'padded' since
it zero fills the offsets between RAM sections, but note that you can
get a HUGE file, especially on 64 bit systems.
The raw version of LiME simply concatenates regions together (does not
pad), which makes offsets found from virtual address translation off.
This is why Volatility (and other tools) cannot process most raw Lime dumps.
On 2/6/2014 10:45 AM, Torres, Geoff (Global Cyber Security) wrote:
OK, we're making progress...
Michael Ligh also suggested that article. I had dismissed it as not applicable because
it was regarding CentOS 5.3 and the earliest I've been attempting is 5.8. My
apologies for not trying it sooner.
It did work for the Lime format, but not the Raw format which is ultimately what I need.
Would different offsets work for the raw format? Is it possible to convert a raw format
image into Lime format?
Also, does this mean that I need different volatility code for different kernels?
My role is to perform forensic analysis on compromised systems. I can conceivably get
any type of system and I get them in large enough volume that I've been developing
scripts to automate these sort of tasks.
Thanks for all your help so far,
Geoff
-----Original Message-----
From: Andrew Case [mailto:atcuno@gmail.com]
Sent: Thursday, February 06, 2014 7:32 AM
To: Torres, Geoff (Global Cyber Security); 'vol-users(a)volatilityfoundation.org'
Subject: Re: [Vol-users] Difficulty creating CentOS profiles
Hello,
I believe you are having the same issues that we diagnosed here:
http://lists.volatilityfoundation.org/pipermail/vol-users/2013-February/000…
Could you please edit your code as MHL explains to account for the shift? It only
requires two small changes to the existing code. Note that the line numbers may be
different since the code has been updated since then but if you search for the
0xffffffff80000000 number in each file you will be able to find it.
Also we would recommend acquiring in the lime format "format=lime"
instead of acquiring in the raw one.
Let me know how it goes.
Thanks,
Andrew (@attrc)
On 2/5/2014 5:26 PM, Torres, Geoff (Global Cyber Security) wrote:
Hi,
I've been unable to create a working Linux profile for any version of
CentOS. It compiles fine but gives a 'No suitable address space
mapping found' error when run against the memory image.
I've been successful creating various Debian and Ubuntu profiles, but
CentOS has yet to work. I'm sure it's something simple but I can't
figure it out. I'm certain that I'm matching kernel versions
correctly and that the build process is the same as I use for the Ubuntu versions.
I've attached the details of my most recent attempt. It's a vanilla
CentOS 5.10 install on VMware. The memory image is available (250Mb
zip) if necessary.
Any ideas? None of the solutions I found in Google seem to address my
issue.
Thanks,
Geoff
BTW - I'm not a kernel programmer so please be detailed if there's
something you'd like me to try.
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
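The distinction between LiME's lime, padded and raw formats that Andrew describes at the top of this thread, as an added example that is not part of the original messages and not code from LiME or Volatility: a parser for the 32-byte per-range LiME header (magic, version, inclusive start and end address, 8 reserved bytes), a lime-to-padded converter, and a function showing why an offset computed from a physical address does not line up in the raw concatenation. The two-range test image is constructed.

```python
import struct

LIME_MAGIC = 0x4C694D45                 # "EMiL" when read as a little-endian uint32
HEADER = struct.Struct("<IIQQ8s")       # magic, version, s_addr, e_addr, reserved[8]

def parse_lime(image):
    """Walk the per-range headers and return [(s_addr, e_addr, data), ...]."""
    segments, off = [], 0
    while off < len(image):
        magic, _version, s_addr, e_addr, _ = HEADER.unpack_from(image, off)
        if magic != LIME_MAGIC:
            raise ValueError("bad LiME magic at file offset 0x%x" % off)
        size = e_addr - s_addr + 1          # e_addr is the last byte of the range (inclusive)
        data = image[off + HEADER.size:off + HEADER.size + size]
        if len(data) != size:
            raise ValueError("truncated range at file offset 0x%x" % off)
        segments.append((s_addr, e_addr, data))
        off += HEADER.size + size
    return segments

def lime_to_padded(image):
    """Zero-fill the holes between RAM ranges so that file offset == physical address."""
    out = bytearray()
    for s_addr, _e_addr, data in parse_lime(image):
        if s_addr < len(out):
            raise ValueError("ranges overlap or are not sorted by address")
        out.extend(bytes(s_addr - len(out)))   # the hole, filled with zeros
        out.extend(data)
    return bytes(out)

def lime_to_raw(image):
    """What LiME's 'raw' format holds: the ranges back to back, holes dropped."""
    return b"".join(data for _s, _e, data in parse_lime(image))

def phys_to_raw_offset(image, paddr):
    """File offset of a physical address in the unpadded raw concatenation, or None."""
    off = 0
    for s_addr, e_addr, data in parse_lime(image):
        if s_addr <= paddr <= e_addr:
            return off + (paddr - s_addr)
        off += len(data)
    return None

def build_lime(ranges):
    """Constructed test input: ranges is [(s_addr, bytes), ...], sorted by address."""
    return b"".join(HEADER.pack(LIME_MAGIC, 1, s, s + len(d) - 1, b"\0" * 8) + d
                    for s, d in ranges)

if __name__ == "__main__":
    # Two RAM ranges with a hole between them, mimicking the gap below 1 MiB (constructed).
    img = build_lime([(0x0, b"A" * 0x1000), (0x100000, b"B" * 0x1000)])
    print("padded size 0x%x, raw size 0x%x" % (len(lime_to_padded(img)), len(lime_to_raw(img))))
    print("phys 0x100010 -> raw offset 0x%x, not 0x100010" % phys_to_raw_offset(img, 0x100010))
```

The reverse conversion (raw to lime) is not possible from the file alone, because the raw format has discarded the range addresses, which is why acquiring in lime format is recommended.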