[Vol-users] Something changed recently and now my Linux profiles don't work

Andrew Case atcuno at gmail.com
Thu Apr 7 14:31:05 CDT 2016


Ok, can you run:

 vol.py --info | grep Linux

and see if the profile name shows up like you have it as --profile?

Thanks,
Andrew (@attrc)

On 04/07/2016 02:26 PM, Jim Clausing wrote:
> -dd doesn't give me anything more than that error.
> 
> jac at ubuntu:~$ vol.py -dd --plugins=profiles
> --profile=Linux3_13_0_79_generic__123_Ubuntu_SMP_Fri_Feb_19_14_27_58_UTC_2016_x86_64
> -m XUbuntu\ 64-bit-Snapshot3.vmem linux_pslist
> Volatility Foundation Volatility Framework 2.5
> ERROR   : volatility.debug    : Invalid profile
> Linux3_13_0_79_generic__123_Ubuntu_SMP_Fri_Feb_19_14_27_58_UTC_2016_x86_64
> selected
> 
> -- 
> Jim Clausing
> GIAC GSE #26, CISSP
> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
> 
> On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
> 
>> Hey,
>>
>> Can you run volatility with -dd set and send the output? If I can't
>> figure out it from there I will take the memory sample and profile. Feel
>> free to send debug output offline.
>>
>> Thanks,
>> Andrew (@attrc)
>>
>> On 04/07/2016 12:27 PM, Jim Clausing wrote:
>>> Gang,
>>>     I've googled it and saw some other discussion of the dreaded
>>>
>>> ERROR   : volatility.debug    : Invalid profile <blah> selected
>>>
>>> error.  I'm trying to figure out what changed recently so that profiles
>>> that used to work for me, no longer work.  I just did a fresh Ubuntu
>>> 14.04.4 install and then installed volatility (and distorm3 via pip)
>>> from github and I'm getting the error above.  Note, this is the current
>>> release version, though I also have the problem with the version from
>>> whatever repo SIFT uses.  The profile actually came from SecondLook and
>>> worked just fine on a different Ubuntu system about 4 weeks ago, but
>>> today it fails (on the system where it used to run), so I decided to try
>>> on this virgin system and get the same error.  I'm at a loss, since
>>> there are no other debugging messages to help me out with what might be
>>> the problem.  I can provide the profile to anyone who needs it (and
>>> probably a memory image, too, but that needs to be a little more tightly
>>> controlled) if that would help.
>>>
>>> -- 
>>> Jim Clausing
>>> GIAC GSE #26, CISSP
>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>> _______________________________________________
>>> Vol-users mailing list
>>> Vol-users at volatilityfoundation.org
>>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>>
>>
>>
> 


More information about the Vol-users mailing list