[Vol-users] Something changed recently and now my Linux profiles don't work

Jim Clausing clausing at computer.org
Fri Apr 8 08:48:48 CDT 2016


Thank you very much. :-)

--
Jim Clausing
GIAC GSE #26, CISSP
GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D

On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:

> https://github.com/volatilityfoundation/volatility/commit/429a160925b216f04147bbdbac7ff867947da4d0
>
> :)
>
> Thanks,
> Andrew (@attrc)
>
> On 04/07/2016 03:13 PM, Jim Clausing wrote:
>> Now my feature request, can we get PPID added to the linux_pslist
>> output? :-)
>>
>> --
>> Jim Clausing
>> GIAC GSE #26, CISSP
>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>
>> On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
>>
>>> I guess it really has been a long week.  It turns out that --info will
>>> show the profiles if I use --plugins=~user/dir but the profile only
>>> actually works if I use --plugins=/home/user/dir.  So, I guess problem
>>> mostly solved.  User error on my part.  Return to your regularly
>>> scheduled programming.  (As I slink away in shame)
>>>
>>> --
>>> Jim Clausing
>>> GIAC GSE #26, CISSP
>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>>
>>> On or about Thu, 7 Apr 2016, Jim Clausing pontificated thusly:
>>>
>>>> Sigh... Ignore that last e-mail (although that is all the debug info
>>>> I get when it fails and, yes, I know I gave an invalid switch -m
>>>> should have been -f).  I redid it copying and pasting the profile
>>>> name from the --info listing on the virgin system and it actually
>>>> does work, so my next move is to install (from github) the current
>>>> version on my actual production system and see if that fixes the
>>>> issues.  Maybe the version from the SIFT repos is broken (that is
>>>> what was running on the system where I originally had the problem).
>>>> It has been a long week. :-/.
>>>>
>>>> --
>>>> Jim Clausing
>>>> GIAC GSE #26, CISSP
>>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>>>
>>>> On or about Thu, 7 Apr 2016, Andrew Case pontificated thusly:
>>>>
>>>>> Hey,
>>>>>
>>>>> Can you run volatility with -dd set and send the output? If I can't
>>>>> figure it out from there I will take the memory sample and profile.
>>>>> Feel free to send debug output offline.
>>>>>
>>>>> Thanks,
>>>>> Andrew (@attrc)
>>>>>
>>>>> On 04/07/2016 12:27 PM, Jim Clausing wrote:
>>>>>> Gang,
>>>>>>     I've googled it and saw some other discussion of the dreaded
>>>>>>
>>>>>> ERROR   : volatility.debug    : Invalid profile <blah> selected
>>>>>>
>>>>>> error.  I'm trying to figure out what changed recently so that
>>>>>> profiles that used to work for me, no longer work.  I just did a
>>>>>> fresh Ubuntu 14.04.4 install and then installed volatility (and
>>>>>> distorm3 via pip) from github and I'm getting the error above.
>>>>>> Note, this is the current release version, though I also have the
>>>>>> problem with the version from whatever repo SIFT uses.  The profile
>>>>>> actually came from SecondLook and worked just fine on a different
>>>>>> Ubuntu system about 4 weeks ago, but today it fails (on the system
>>>>>> where it used to run), so I decided to try on this virgin system
>>>>>> and get the same error.  I'm at a loss, since there are no other
>>>>>> debugging messages to help me out with what might be the problem.
>>>>>> I can provide the profile to anyone who needs it (and probably a
>>>>>> memory image, too, but that needs to be a little more tightly
>>>>>> controlled) if that would help.
>>>>>>
>>>>>> --
>>>>>> Jim Clausing
>>>>>> GIAC GSE #26, CISSP
>>>>>> GPG Fingerprint = A507 774A 39D6 A702 9F7C  8808 3D13 77B8 AACD 848D
>>>>>> _______________________________________________
>>>>>> Vol-users mailing list
>>>>>> Vol-users at volatilityfoundation.org
>>>>>> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
>

