Dear sir,
We are currently investigating a security breach; our server runs CentOS 5.8. After dumping
the memory in raw format, we cannot process it with Volatility. We have read this topic:
http://lists.volatilityfoundation.org/pipermail/vol-users/2013-February/000…
After editing to that DTB we found that it works on the LIME profile but doesn't work on the raw memory
dump. Can we have some instructions on how to convert raw memory to LIME? Or how to debug to
find the correct DTB in raw memory only?
By the way, we are trying to brute force as you advised, but it takes very long since the range is from
-0x200000 to 0x200000.
Regards,