Which tool did you use to acquire?
Sent from my droid --
I have a Win7SP1x64 image with the following issues:
imageinfo never completes (this is as far as it gets)
Determining profile based on KDBG search...
Suggested Profile(s) : Win2008R2SP0x64, Win7SP1x64,
Win7SP0x64, Win2008R2SP1x64
AS Layer1 : AMD64PagedMemory (Kernel AS)
AS Layer2 : FileAddressSpace (/data/8564/8564.raw)
PAE type : No PAE
DTB : 0x187000L
pslist shows no processes
netscan shows no connections.
I am using Volatility 2.3.1 on linux, but I have tried the standalone
windows exe with the same results.
Image was collected with winpmem 1.4.1, and I watched the capture. I
did not see any errors and it seemed to take about the right amount of
time.
What would be my next steps to troubleshoot?
_______________________________________________
Vol-users mailing list
Vol-users@volatilesystems.com
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users