Thanks, works fine using that syntax. :)
On Mon, May 18, 2015 at 1:41 PM, Jamie Levy <jamie(a)memoryanalysis.net>
wrote:
This is true. When we allowed an option to specify by
types the short -R
was removed. I think it was also due to a conflict in options.
--
Jamie Levy (@gleeda)
On May 18, 2015, at 9:11 AM, Gregory Pendergast <greg.pendergast(a)gmail.com>
wrote:
"--type=Registry" works. -R appears to no longer be an option.
On May 18, 2015, at 11:30 AM, Jared Greenhill <jared703(a)gmail.com> wrote:
Vol Team,
II've been unable to parse the Registry of a Windows system with 2.4 like
I could with 2.3 using the "-R" switch. Do you invoke Registry parsing the
same with 2.4 and Timeliner? When I remove the "-R" flag timeliner runs as
expected. Apologies if this has been discussed somewhere. I've tried with
Vol.py (compiled from source) and the Windows binary flavor of 2.4.
Here's the errors I am receiving:
C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body >
timeline.txt -R
Volatility Foundation Volatility Framework 2.4
Usage: Volatility - A memory forensics analysis platform.
vol.exe: error: no such option: -R
C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body
--output-file=timeline.txt -R
Volatility Foundation Volatility Framework 2.4
Usage: Volatility - A memory forensics analysis platform.
vol.exe: error: no such option: -R
C:\Users\DFIR-PC\Desktop\Mem>c:\volatility-master\vol.py -f Bad.img
timeliner --output=body --output-file=timeline.txt -R
Volatility Foundation Volatility Framework 2.4
Usage: Volatility - A memory forensics analysis platform.
vol.py: error: no such option: -R
Thanks!
Jared
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users