-
ADAM is on Avro 1.7.7, while bdg-formats is on 1.7.4. I think this is causing some weird behavior with the Spark 1.5 stream of releases which pull in Avro 1.7.7.
-
```
Hey guys,
One flaw in the moddump I submitted last week - it's missing BDG's original
find_space function. Thus, it cannot dump a few modules (namely win32k.sys).
Here is a new version of moddu…
```
-
It would be very useful if the sizing section of the software could work 'in the opposite direction', I mean to estimate the number of readers and cases necessary to achieve a preselected value of pow…
-
```
Results of face-to-face with end user:
After performing analysis on reader scores, the GUI is a nice way to see the
data, but I need a written report. PDF would be nice, especially if it was
un…
```
-
```
Hmm this is strange. If you take a look at the following MMVAD_FLAGS definition
from xp_sp2_x86_vtypes.py you'll notice all its members have been deleted:
http://code.google.com/p/volatility/sou…
```
-
```
Hiya,
So just a quick reminder that BitField now supports a native_type parameter,
which should be one of the keys in the native_types dict for the profile in
question, and should therefore prod…
```
-
```
I tried dumps from several Windows 7 (64 Bit) machines and got only the
following output.
1. example:
E:\Viren_MalWare_usw\Debugging\Volatility-64Bit>vol.py -f
..\Viren_Mem_Dumps\Dieter
soft\Wi…
```
-
```
Hey guys,
In the volatility/plugins/overlays/windows/pe_vtypes.py file we have mostly
hand-made PE structures. The nt module from which we auto-generate OS vtypes
doesn't define them, so a while…
```