[Vol-users] Volatility-Linux TypeError

Patrick Burkard pbuml at gmx.de
Sun Jan 29 12:49:02 CST 2012


Hello,

> This makes a little more sense...
> 
> So your analysis machine is 64 bit, but the target is 32 bit and you
> created the profile on the analysis target?

That's correct.

> Also, how did you acquire the memory image?

I use VirtualBox to run my VMs. With VBoxManage and the debugvm command
you can generate a dump of some VM information, processor registers, etc.
This is written in an ELF-style format.

At the end of this data structure a complete raw RAM dump is written,
which you can easily write to a file. At some points I checked it against
the information that the fmem kernel module generates, and this seems to
be correct.

Greetings
Patrick
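
Added example, not part of the original message or of Volatility: one way to pull the raw RAM out of an ELF-format core like the one described above, generalized to several memory segments. It assumes a little-endian ELF64 core whose PT_LOAD headers carry the guest physical address in p_paddr; the function names are hypothetical and the sample core is constructed inline.

```python
import struct

PT_LOAD = 1  # program header type for a loadable (here: guest RAM) segment

def load_segments(core: bytes):
    """Return (file_offset, phys_addr, size) for each PT_LOAD segment of an ELF64 core."""
    if core[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if core[4] != 2 or core[5] != 1:
        raise ValueError("expected a little-endian ELF64 core")
    e_phoff, = struct.unpack_from("<Q", core, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", core, 54)
    segments = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, _vaddr, p_paddr, p_filesz, _memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", core, e_phoff + i * e_phentsize)
        if p_type != PT_LOAD or p_filesz == 0:
            continue  # skip PT_NOTE (registers, VM info) and empty entries
        if p_offset + p_filesz > len(core):
            raise ValueError("segment %d runs past end of file (truncated dump?)" % i)
        segments.append((p_offset, p_paddr, p_filesz))
    return segments

def extract_raw(core: bytes) -> bytes:
    """Rebuild a flat physical-memory image; gaps between segments are zero-filled."""
    segs = load_segments(core)
    if not segs:
        raise ValueError("no PT_LOAD segments found")
    raw = bytearray(max(paddr + size for _, paddr, size in segs))
    for off, paddr, size in segs:
        raw[paddr:paddr + size] = core[off:off + size]
    return bytes(raw)

def build_sample_core() -> bytes:
    """Constructed miniature ELF64 core: one PT_NOTE, two PT_LOAD segments."""
    note, ram0, ram1 = b"N" * 8, b"A" * 16, b"B" * 16
    phoff, data_off = 64, 64 + 3 * 56
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 4, 3, 1, 0, phoff, 0, 0, 64, 56, 3, 0, 0, 0)
    def ph(p_type, off, paddr, size):
        return struct.pack("<IIQQQQQQ", p_type, 0, off, 0, paddr, size, size, 0)
    phdrs = (ph(4, data_off, 0, 8) + ph(PT_LOAD, data_off + 8, 0, 16)
             + ph(PT_LOAD, data_off + 24, 32, 16))
    return ehdr + phdrs + note + ram0 + ram1
```

For a real multi-gigabyte dump, write each segment to the output file at its physical offset instead of building the whole image in memory.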

