Extraction linux (3.3rc1:
./linpmem-v3.3.rc1 -e */PhysicalMemory -D output/ yolo.aff
2019-12-19 06:22:58 E Compression method https://tools.ietf.org/html/rfc1951 is not supported by this implementation.
NOT_IMPLEMENTED: at volume_group.cc: 29
NOT_IMPLEMENTED: at aff4_map.cc: 102
NOT_IMPLEMENTED: at volume_group.cc: 65
NOT_IMPLEMENTED: at aff4_imager_utils.cc: 28
2019-12-19 06:22:58 E Error: NOT_IMPLEMENTED
I am able to extract with the windows rc3:
winpmem_v3.3.rc3.exe -dd -e */PhysicalMemory -D output yolo.aff4
Im extracting physical memory collected with snappy compression and it looks as though this compression method isnt implemented in the linux binary.
Collection: winpmem_v3.3.rc3.exe -dd -o yolo.aff -t -c snappy
Extraction linux (3.3rc1: ./linpmem-v3.3.rc1 -e */PhysicalMemory -D output/ yolo.aff 2019-12-19 06:22:58 E Compression method https://tools.ietf.org/html/rfc1951 is not supported by this implementation. NOT_IMPLEMENTED: at volume_group.cc: 29 NOT_IMPLEMENTED: at aff4_map.cc: 102 NOT_IMPLEMENTED: at volume_group.cc: 65 NOT_IMPLEMENTED: at aff4_imager_utils.cc: 28 2019-12-19 06:22:58 E Error: NOT_IMPLEMENTED
I am able to extract with the windows rc3: winpmem_v3.3.rc3.exe -dd -e */PhysicalMemory -D output yolo.aff4