Re: [Vol-users] Error with 2.4 Debian Wheezy
26 Sep
2014
26 Sep
'14
11:16 p.m.
Hi Sean,
It seems very strange that you’d get a different number of processes with each run.
Coupled with the IOError and the path being /mnt/hgfs (VMware host to guest), I would try
to first rule out something weird with VMware Tools data transfer. Can you copy the memory
dump into your virtual machine and run Volatility against the local file?
MHL
--------------------------------------------------
Michael Ligh (@iMHLv2)
GPG: http://mnin.org/gpg.pubkey.txt
Blog: http://volatility-labs.blogspot.com
On Sep 25, 2014, at 8:57 AM, Sean McLinden <mclinden(a)informed.net> wrote:
I just build a VM with Debian (I needed to install other packages) and when I run this on
a memory image I get the following (after about 10 minutes). The pslist.txt file is
partially populated though how far it gets differs with each run.
The box is Windows 7 Enterprise SP 1. The image was acquired using FTK. The box is
believed to be infected with malware.
user@host:/mnt/hgfs/288A-LV-2810395/Workspace/QJK1/memory# vol.py pslist > pslist.txt
Volatility Foundation Volatility Framework 2.4
Traceback (most recent call last):
File "/usr/local/bin/vol.py", line 192, in <module>
main()
File "/usr/local/bin/vol.py", line 183, in main
command.execute()
File "/usr/local/lib/python2.7/dist-packages/volatility/commands.py", line
127, in execute
func(outfd, data)
File "/usr/local/lib/python2.7/dist-packages/volatility/plugins/taskmods.py",
line 178, in render_text
str(task.ExitTime or ''),
File "/usr/local/lib/python2.7/dist-packages/volatility/commands.py", line
219, in table_row
outfd.write(self.tablesep.join(reslist) + "\n")
IOError: [Errno 22] Invalid argument
Thanks for any help.
Sean McLinden
_______________________________________________
Vol-users mailing list
Vol-users(a)volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
Attachments:
- signature.asc (application/pgp-signature — 236 bytes)