Open smclinden opened 3 years ago
This is a Windows 10 Enterprise image, but it is 17134.
PS docker run -it --rm -v D:\Memory:/data:ro blacktop/volatility imageinfo --filename=/data/hiber.raw --profile=Win10x64_17134 Volatility Foundation Volatility Framework 2.6.1 INFO : volatility.debug : Determining profile based on KDBG search... Suggested Profile(s) : No suggestion (Instantiated with Win7SP1x64) AS Layer1 : WindowsHiberFileSpace32 (Unnamed AS) AS Layer2 : FileAddressSpace (/data/hiber.raw) PAE type : No PAE DTB : 0x1ad000L KUSER_SHARED_DATA : 0xfffff78000000000L
This is a Windows 10 Enterprise image, but it is 17134.
PS docker run -it --rm -v D:\Memory:/data:ro blacktop/volatility imageinfo --filename=/data/hiber.raw --profile=Win10x64_17134 Volatility Foundation Volatility Framework 2.6.1 INFO : volatility.debug : Determining profile based on KDBG search... Suggested Profile(s) : No suggestion (Instantiated with Win7SP1x64) AS Layer1 : WindowsHiberFileSpace32 (Unnamed AS) AS Layer2 : FileAddressSpace (/data/hiber.raw) PAE type : No PAE DTB : 0x1ad000L KUSER_SHARED_DATA : 0xfffff78000000000L