Thanks David. I just grabbed coffee as well, so I'm ready to troubleshoot!

MHL


On Tue, Apr 2, 2013 at 9:22 AM, David Nardoni <dnardoni@gmail.com> wrote:
No problem I will get the output of those commands to you both today, after I have my coffee :)

Sent from my iPad

On Apr 2, 2013, at 4:10 AM, Michael Hale Ligh <michael.hale@gmail.com> wrote:

Hey guys, 

Unfortunately I haven't seen any data to help me understand what's going on. David, can I bother you for some information? If you've already sent it to Nir, feel free to just forward (or Nir if you have it, please send). 

1) Output of "vol.py --profile=PROFILE -f FILENAME psscan -d -d -d"
2) Output of "vol.py --profile=PROFILE -f FILENAME pslist -d -d -d"
3) Output of "vol.py --profile=PROFILE -f FILENAME kdbgscan"
4) A hexdump of the first 512 bytes of the file. If you're on linux just "xxd FILENAME -l 512 > DUMP.TXT"

Given those details, we should be able to get a good idea of what's going on.

Thanks for your help!
Michael


On Tue, Apr 2, 2013 at 4:47 AM, nir izraeli <nirizr@gmail.com> wrote:
Hi,

Going over the output I can't see why is the VMSN file AS is being rejected.
It used to state the exception thrown when --debug is on, what am I missing?


On Tue, Apr 2, 2013 at 7:19 AM, Michael Hale Ligh <michael.hale@gmail.com> wrote:
Hey guys, 

Is this issue still open? Please let me know so we can make time to investigate it if necessary.

Thanks!
Michael


On Wed, Mar 20, 2013 at 9:33 AM, nir izraeli <nirizr@gmail.com> wrote:
Thanks,

looking forward for your reply :)


On Wed, Mar 20, 2013 at 3:18 PM, david nardoni <dnardoni@gmail.com> wrote:
I will get you all those details today, except the full snapshot. I can not share that

Happy to run whatever you need and provide output

Sent from my iPhone

On Mar 20, 2013, at 3:31 AM, nir izraeli <nirizr@gmail.com> wrote:

Hi Dave,

a few questions if you don't mind,
what's the VM version (vmware has numbered versions for their file formats, you can usually look it up in the VM's properties)?
could you share the output of psscan?
what other plugins you've tried running? could you share the output?
will it be possible to upload the VMware snapshot somewhere so i could look into it?

Thanks,
- Nir.



On Tue, Mar 19, 2013 at 2:31 AM, david nardoni <dnardoni@gmail.com> wrote:
I think I have some issues with a 8+gb VMware snapshot. I can get
psscan and thrdscan output but no other output from other plugins.

Any suggestions from the group on troubleshooting the image.

Fyi I can see all the data when I view it in hbgary responder pro.

Thanks

Dave

Sent from my iPhone
_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users



_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users