search

Gakaza / volatility

Automatically exported from code.google.com/p/volatility
0 stars 0 forks source link

No Linux profiles #495

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
Please provide any additional information below.

I'm currently working on a cybercrime challenge of the dutch police but we've 
got a .raw memory image but I can't do anything with it since I have no linux 
profiles.

I found that you can download some different linux profiles but they will never 
show up when i enter: python vol.py --info

I only see these profiles: 

Profiles
--------
VistaSP0x64     - A Profile for Windows Vista SP0 x64
VistaSP0x86     - A Profile for Windows Vista SP0 x86
VistaSP1x64     - A Profile for Windows Vista SP1 x64
VistaSP1x86     - A Profile for Windows Vista SP1 x86
VistaSP2x64     - A Profile for Windows Vista SP2 x64
VistaSP2x86     - A Profile for Windows Vista SP2 x86
Win2003SP0x86   - A Profile for Windows 2003 SP0 x86
Win2003SP1x64   - A Profile for Windows 2003 SP1 x64
Win2003SP1x86   - A Profile for Windows 2003 SP1 x86
Win2003SP2x64   - A Profile for Windows 2003 SP2 x64
Win2003SP2x86   - A Profile for Windows 2003 SP2 x86
Win2008R2SP0x64 - A Profile for Windows 2008 R2 SP0 x64
Win2008R2SP1x64 - A Profile for Windows 2008 R2 SP1 x64
Win2008SP1x64   - A Profile for Windows 2008 SP1 x64
Win2008SP1x86   - A Profile for Windows 2008 SP1 x86
Win2008SP2x64   - A Profile for Windows 2008 SP2 x64
Win2008SP2x86   - A Profile for Windows 2008 SP2 x86
Win7SP0x64      - A Profile for Windows 7 SP0 x64
Win7SP0x86      - A Profile for Windows 7 SP0 x86
Win7SP1x64      - A Profile for Windows 7 SP1 x64
Win7SP1x86      - A Profile for Windows 7 SP1 x86
WinXPSP1x64     - A Profile for Windows XP SP1 x64
WinXPSP2x64     - A Profile for Windows XP SP2 x64
WinXPSP2x86     - A Profile for Windows XP SP2 x86
WinXPSP3x86     - A Profile for Windows XP SP3 x86

But obviously I need Linux profiles to determine the OS of the image file..

This is the list I get on ubuntu 13.10 and the same is for the windows 
standalone

Hope you guys can help me.

Original issue reported on code.google.com by powncl...@gmail.com on 16 Apr 2014 at 5:54

GoogleCodeExporter commented 8 years ago 
Sorry I see this is only for real issues nog for help. 

admin/mod can remove this.

Original comment by powncl...@gmail.com on 16 Apr 2014 at 6:12

GoogleCodeExporter commented 8 years ago 
You need to create or download a profile and then copy it to 
volatility/plugins/overlays/linux

See https://code.google.com/p/volatility/wiki/LinuxMemoryForensics and post on 
Vol-Users mailing list if you still need help.

Original comment by michael.hale@gmail.com on 19 Apr 2014 at 3:17