WithSecureLabs / physmem2profit

Physmem2profit can be used to create a minidump of a target host's LSASS process by analysing physical memory remotely
https://labs.f-secure.com/blog/rethinking-credential-theft/
Apache License 2.0
397 stars, 72 forks

RuntimeError: Unable to find a valid profile for this image. Try using -v for more details. #8

Open ctr1hub opened 3 years ago

ctr1hub commented 3 years ago

image

timhir commented 3 years ago

If you take a full physical memory dump from the system, is Rekall able to analyze it correctly? What about Volatility 3?

Rekall was discontinued after Physmem2profit was released, so I need to start using Volatility 3 anyway. I'm hoping that will fix this issue.

Fr0gZero commented 8 months ago

Any update on using volatility3?

I am trying to find a minidump creation module for lsass, but maybe my Google-fu is not up to snuff.

If you happen to have any resources or one-liners on how to create a minidump, even from an offloaded physical memory file, that would be great.

PS: this project is awesome