I have a hiberfil.sys file from a windows xp sp3 machine and I am trying to convert it to dd using the hibinfo script in volatility.  I keep getting an error half through the script as follows:<br><br>$ python volatility hibinfo -f /c/Documents\ and\ Settings/Mark\ Morgan/My\ Doc<br>
uments/Hiberfil\ Test/hiberfil.sys -d /c/Documents\ and\ Settings/Mark\ Morgan/<br>My\ Documents/Hiberfil\ Test/hiber.dd<br>Signature:<br>SystemTime: Thu Jan 01 00:00:00 1970<br><br>Control registers flags<br>CR0: 80010031<br>
CR0[PAGING]: 1<br>CR3: 0afc0080<br>CR4: 000006f1<br>CR4[PSE]: 1<br>CR4[PAE]: 1<br>Traceback (most recent call last):<br>  File &quot;volatility&quot;, line 219, in &lt;module&gt;<br>    main()<br>  File &quot;volatility&quot;, line 212, in main<br>
    modules[argv[1]].execute(argv[1], argv[2:])<br>  File &quot;c:\Volatility-1.3_Beta\vmodules.py&quot;, line 62, in execute<br>    self.cmd_execute(module, args)<br>  File &quot;c:\Volatility-1.3_Beta\vmodules.py&quot;, line 1677, in hibinfo<br>
    (major,minor,build) =  hiberAS.get_version()<br>  File &quot;c:\Volatility-1.3_Beta\forensics\win32\hiber_addrspace.py&quot;, line 452, in<br> get_version<br>    addr_space = IA32PagedMemoryPae(self,self.CR3)<br>NameError: global name &#39;IA32PagedMemoryPae&#39; is not defined<br>
<br><br>I am wondering if it is because this is a sp3 box???  Any help would be appreciated.<br><br><br>Mark Morgan<br>702-942-2556<br>