[Vol-users] Timeliner "-R" not parsing Registry in 2.4

Jared Greenhill jared703 at gmail.com
Mon May 18 10:07:12 CDT 2015


Vol Team,

I've been unable to parse the Registry of a Windows system with 2.4 like I
could with 2.3 using the "-R" switch. Do you invoke Registry parsing the
same with 2.4 and Timeliner? When I remove the "-R" flag timeliner runs as
expected. Apologies if this has been discussed somewhere. I've tried with
Vol.py (compiled from source) and the Windows binary flavor of 2.4.

Here are the errors I am receiving:

C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body >
timeline.txt -R
Volatility Foundation Volatility Framework 2.4
Usage: Volatility - A memory forensics analysis platform.

vol.exe: error: no such option: -R

C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body
--output-file=timeline.txt -R
Volatility Foundation Volatility Framework 2.4
Usage: Volatility - A memory forensics analysis platform.

vol.exe: error: no such option: -R

C:\Users\DFIR-PC\Desktop\Mem>c:\volatility-master\vol.py -f Bad.img
timeliner --output=body --output-file=timeline.txt -R
Volatility Foundation Volatility Framework 2.4

Usage: Volatility - A memory forensics analysis platform.

vol.py: error: no such option: -R

Thanks!
Jared