Hey Bruce,
Welcome to the Vol-users list. Could you try running the scanning plugins
to see if they return valid results:
  psscan2   Scan for process objects
  modscan2  Scan for module objects
Can you provide any information about the version of the OS, the hardware
architecture, etc?
As for wmft, from what I have heard I don't believe it is supported any
longer.
Thanks,
AW
On Wed, 3 Mar 2010, Meyer, Bruce wrote:
I think I know the answer to this, but I want to be
certain.
I captured live memory with FTK Imager Lite (Current version)
I am now trying to examine the memory, and receive:
commandme : python volatility connections -f memdump.txt
/work/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha
module is deprecated; use the hashlib module instead
import sha
Usage: connections [options] (see --help)
volatility: error: Unable to load image. Possible causes: invalid dtb, wrong image type,
unsupported image type.
I suspect that FTK doesn't create a linear image.
I tried this on a Mac and Windows.
If this is correct, does anyone know of an open source tool I can
analyze this ftk memory dump with? I can't recreate another.
I tried wmft_0.2 but I think that this tool is in the early stages of
development. I was only able to pull a list of drivers with it.
-- Bruce D. Meyer
Analysis & Encryption
(803) 896-0469
(803) 896-1650 (SOC)
My Key Fingerprint is:
8BC3 14B5 CE77 3C83 F4A7
5353 3F27 97FF 0591 44F9
-------------------------
South Carolina Information Sharing and Analysis Center (SC-ISAC)
Department of State I.T. (D.S.I.T)
http://sc-isac.sc.gov
~-~-~-~-~-~-~-~-~-~-~-~-~-
Upload your PGP public key, download or verify mine at:
http://keys.cio.sc.gov
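A quick pre-flight check for the situation in this thread, written as an added example (not code from either poster or from Volatility): it sniffs the dump header to tell a raw linear image from container formats that would produce "wrong image type", and counts the Windows kernel pool tags that psscan2/modscan2 look for, as a cheap sign that the file holds Windows kernel memory at all. The sample bytes are constructed for the demonstration.

```python
"""Sanity-check a memory dump before handing it to Volatility."""
import sys

# Magic values found at offset 0 of common memory-image containers.
SIGNATURES = {
    b"PAGEDUMP": "32-bit Windows crash dump",
    b"PAGEDU64": "64-bit Windows crash dump",
    b"hibr": "Windows hibernation file",
    b"HIBR": "Windows hibernation file",
    b"EVF\x09\x0d\x0a\xff\x00": "Expert Witness (E01) container",
    b"\x7fELF": "ELF core",
}

# Pool tags that precede kernel objects; the scan plugins key on these.
POOL_TAGS = {
    b"Pro\xe3": "process (_EPROCESS)",
    b"MmLd": "loaded module (_LDR_DATA_TABLE_ENTRY)",
}


def sniff_format(data: bytes) -> str:
    """Name the container format, or report a raw/linear image."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "raw/linear (no container header)"


def count_pool_tags(data: bytes) -> dict:
    """Count occurrences of each kernel pool tag in the image."""
    return {desc: data.count(tag) for tag, desc in POOL_TAGS.items()}


def check_dump(data: bytes) -> dict:
    """Combine both checks; zero tag hits in a 'raw' file is a red flag."""
    tags = count_pool_tags(data)
    return {
        "format": sniff_format(data),
        "pool_tags": tags,
        "looks_like_windows_memory": any(tags.values()),
    }


# Constructed sample: raw-looking bytes with two process and one module tag.
SAMPLE = (b"\x00" * 32 + b"Pro\xe3" + b"\x00" * 64 + b"MmLd"
          + b"\x00" * 64 + b"Pro\xe3" + b"\x00" * 32)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(check_dump(blob))
```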