[Vol-users] Timeliner "-R" not parsing Registry in 2.4

Jared Greenhill jared703 at gmail.com
Mon May 18 12:59:05 CDT 2015


Thanks, works fine using that syntax. :)

On Mon, May 18, 2015 at 1:41 PM, Jamie Levy <jamie at memoryanalysis.net>
wrote:

> This is true.  When we allowed an option to specify by types the short -R
> was removed.  I think it was also due to a conflict in options.
>
> --
> Jamie Levy (@gleeda)
>
> On May 18, 2015, at 9:11 AM, Gregory Pendergast <greg.pendergast at gmail.com>
> wrote:
>
> "--type=Registry" works. -R appears to no longer be an option.
>
> On May 18, 2015, at 11:30 AM, Jared Greenhill <jared703 at gmail.com> wrote:
>
>
> Vol Team,
>
>
> I've been unable to parse the Registry of a Windows system with 2.4 like
> I could with 2.3 using the "-R" switch. Do you invoke Registry parsing the
> same with 2.4 and Timeliner? When I remove the "-R" flag timeliner runs as
> expected. Apologies if this has been discussed somewhere. I've tried with
> Vol.py (compiled from source) and the Windows binary flavor of 2.4.
>
>
> Here are the errors I am receiving:
>
>
> C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body >
> timeline.txt -R
>
> Volatility Foundation Volatility Framework 2.4
>
> Usage: Volatility - A memory forensics analysis platform.
>
>
> vol.exe: error: no such option: -R
>
>
> C:\Users\DFIR-PC\Desktop\Mem>vol.exe -f Bad.img timeliner --output=body
> --output-file=timeline.txt -R
>
> Volatility Foundation Volatility Framework 2.4
>
> Usage: Volatility - A memory forensics analysis platform.
>
>
> vol.exe: error: no such option: -R
>
>
> C:\Users\DFIR-PC\Desktop\Mem>c:\volatility-master\vol.py -f Bad.img
> timeliner --output=body --output-file=timeline.txt -R
>
> Volatility Foundation Volatility Framework 2.4
>
>
> Usage: Volatility - A memory forensics analysis platform.
>
>
> vol.py: error: no such option: -R
>
>
> Thanks!
>
> Jared
>
> _______________________________________________
>
> Vol-users mailing list
>
> Vol-users at volatilityfoundation.org
>
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>