[Vol-users] Something changed recently and now my Linux profiles don't work

Jim Clausing clausing at computer.org
Thu Apr 7 15:13:01 CDT 2016


Now my feature request: can we get PPID added to the linux_pslist output? 
:-)

--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D

On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:

> I guess it really has been a long week.  It turns out that --info will show 
> the profiles if I use --plugins=~user/dir but the profile only actually works 
> if I use --plugins=/home/user/dir  So, I guess problem mostly solved.  User 
> error on my part.  Return to your regularly scheduled programming.  (As I 
> slink away in shame)
>
> --
> Jim Clausing
> GIAC GSE #26, CISSP
> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>
> On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
>
>> Sigh... Ignore that last e-mail (although that is all the debug info I get 
>> when it fails and, yes, I know I gave an invalid switch; -m should have been 
>> -f).  I redid it copying and pasting the profile name from the --info 
>> listing on the virgin system and it actually does work, so my next move is 
>> to install (from github) the current version on my actual production system 
>> and see if that fixes the issues.  Maybe the version from the SIFT repos is 
>> broken (that is what was running on the system where I originally had the 
>> problem).  It has been a long week. :-/.
>> 
>> --
>> Jim Clausing
>> GIAC GSE #26, CISSP
>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>> 
>> On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
>> 
>>> Hey,
>>> 
>>> Can you run volatility with -dd set and send the output? If I can't
>>> figure it out from there I will take the memory sample and profile. Feel
>>> free to send debug output offline.
>>> 
>>> Thanks,
>>> Andrew (@attrc)
>>> 
>>> On 04/07/2016 12:27 PM, Jim Clausing wrote:
>>>> Gang,
>>>>     I've googled it and saw some other discussion of the dreaded
>>>> 
>>>> ERROR   : volatility.debug    : Invalid profile <blah> selected
>>>> 
>>>> error.  I'm trying to figure out what changed recently so that profiles
>>>> that used to work for me, no longer work.  I just did a fresh Ubuntu
>>>> 14.04.4 install and then installed volatility (and distorm3 via pip)
>>>> from github and I'm getting the error above.  Note, this is the current
>>>> release version, though I also have the problem with the version from
>>>> whatever repo SIFT uses.  The profile actually came from SecondLook and
>>>> worked just fine on a different Ubuntu system about 4 weeks ago, but
>>>> today it fails (on the system where it used to run), so I decided to try
>>>> on this virgin system and get the same error.  I'm at a loss, since
>>>> there are no other debugging messages to help me out with what might be
>>>> the problem.  I can provide the profile to anyone who needs it (and
>>>> probably a memory image, too, but that needs to be a little more tightly
>>>> controlled) if that would help.
>>>> 
>>>> --
>>>> Jim Clausing
>>>> GIAC GSE #26, CISSP
>>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>>> _______________________________________________
>>>> Vol-users mailing list
>>>> Vol-users at volatilityfoundation.org
>>>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>>> 
>>> 
>>> 
>> 
>

