[Vol-users] Problem converting hiberfil.sys

Christian Herndler christian at herndler.com
Wed Nov 17 08:19:19 CST 2010


Thanks for your suggestion. I did try hibr2bin.exe, that didn't work
either (error was: "Failed. Cannot open file. Please check if the file
is not being used")

The first page (4096 bytes) of the file is empty - but as far as I know
that shouldn't be a problem.

Christian


On 11/17/2010 02:40 PM, Johnathan Bridbord wrote:
> Christian-
> 
> Perhaps try the following syntax:
> 
> #python volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
> 
> I recommend Matt's standalone windows executable hibr2bin from moonsol.
> 
> Thanks,
> JB
> Sent via BlackBerry by AT&T
> 
> -----Original Message-----
> From: Christian Herndler <christian at herndler.com>
> Sender: vol-users-bounces at volatilityfoundation.org
> Date: Wed, 17 Nov 2010 08:55:24 
> To: <vol-users at volatilityfoundation.org>
> Subject: [Vol-users] Problem converting hiberfil.sys
> 
> Hello,
> 
> I tried to convert a hiberfil.sys from WindowsXP SP0 German and get the
> following error:
> 
> ./volatility hibinfo -f /tmp/hiberfil.sys -d /tmp/hiberfil.dd
> Traceback (most recent call last):
>   File "./volatility", line 219, in <module>
>     main()
>   File "./volatility", line 212, in main
>     modules[argv[1]].execute(argv[1], argv[2:])
>   File "/opt/Volatility/vmodules.py", line 62, in execute
>     self.cmd_execute(module, args)
>   File "/opt/Volatility/vmodules.py", line 1616, in hibinfo
>     hiberAS = WindowsHiberFileSpace32(fileAS,0,0)
>   File "/opt/Volatility/forensics/win32/hiber_addrspace.py", line 146, in __init__
>     for i in range(0,EntryCount):
> OverflowError: range() result has too many items
> 
> any ideas ?
> 
> Christian
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users

