Windows 2000 32Bit ,SP4

[HaroldFi]

I know this OS version is very old, but i need this profile so badly. I didn't find anyone requesting this profile on google. Please advise how to find this profile

[gleeda]

You will need to build a profile for this OS, using the ntoskrnl from disk. You will also have to make some modifications in order to get things to work with Volatility. I may be able to help you with this, if I have some spare time.

You can also try to use PTFinder [1][2], which carves out some items for Windows 2000.

[1] http://computer.forensikblog.de/en/2007/11/ptfinder-version-0305.html

[2] http://computer.forensikblog.de/en/2008/11/ptfinder-for-windows-vista.html

[damelo]

Hi @HaroldFi , did you get it?

[]´s

[debernal]

Hello, I want to do the same as HaroldFI, Is there any existing documentation or manual on how to create a profile using the ntoskrnl from disk? Thanks