1. I have a directory with a memory dump called memdump.bin
2. I run volatility imageinfo against it and I get:
Air:ticket_number jamesk$ vol.py -f memdump.bin imageinfo
Volatility Foundation Volatility Framework 2.5
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : Win2003SP0x86, Win2003SP1x86, Win2003SP2x86 (Instantiated with Win2003SP0x86)
AS Layer1 : IA32PagedMemory (Kernel AS)
AS Layer2 : FileAddressSpace (/Users/jamesk/Desktop/jackcr-challenge/DC-USTXHOU/ticket_number/memdump.bin)
PAE type : No PAE
DTB : 0x39000L
KDBG : 0x805583d0L
Number of Processors : 1
Image Type (Service Pack) : 0
KPCR for CPU 0 : 0xffdff000L
KUSER_SHARED_DATA : 0xffdf0000L
Image date and time : 2012-11-27 02:01:57 UTC+0000
Image local date and time : 2012-11-26 20:01:57 -0600
3. I can run vol.py --profile=Win2003SP0x86 -f memdump.bin pslist and get the process list
just fine… but...
In that same directory as the memdump.bin file I have a .volatilityrc file which
contains:
[DEFAULT]
PROFILE=Win2003SP2x86
LOCATION=file://memdump.bin
When I run vol.py pslist I get:
No suitable address space mapping found
Is my syntax incorrect somewhere?
Jk