[Vol-users] diagnose problematic ram dump?
robdewhirst at gmail.com
Wed Nov 6 11:20:40 CST 2013
kdbgscan had no results. When we acquired we used the default mode -
I can probably share this 5GB dump with individuals if that helps, so
long as it doesn't end up in some public corpus.
On Wed, Nov 6, 2013 at 3:49 AM, Michael Cohen <scudette at gmail.com> wrote:
> Hi Rob,
> It looks to me like volatility can not find the correct kdbg
> location. Can you please also try the kdbgscan module? When you
> acquired the image did you use the default mode ("physical" - maps
> \\.\PhysicalMemory device)?
More information about the Vol-users