[Vol-users] CentOS 5.8 profile not working

Toan. Pham Van toanpv at vng.com.vn
Tue May 20 21:40:27 CDT 2014


Dear sir,
We are currently investigating a security breach; our server is CentOS 5.8. After dumping the memory in raw format, we cannot process it with Volatility. We have read the topic:
http://lists.volatilityfoundation.org/pipermail/vol-users/2013-February/000742.html
After editing that DTB, we found it works on the LIME profile but doesn't work on the raw memory dump. Can we have some instructions on how to convert raw memory to LIME? Or how to debug to find the correct DTB in raw memory only?
Btw, we are trying to brute force as you advised, but it takes very long since the range is from -0x200000 to 0x200000.
Regards,
