volatilityfoundation / volatility

An advanced memory forensics framework
http://volatilityfoundation.org/
GNU General Public License v2.0

Volatility 2.6 hangs on imageinfo command Ubuntu 16.04 #412

Open Gbengat opened 7 years ago

Gbengat commented 7 years ago

I just installed Volatility 2.6 on Ubuntu 16.04 64-bit, created a profile, and did a memory dump with LiME. On trying to analyze it, I am trying to get info on suggested profiles. However, when I issue the imageinfo command, it doesn't go beyond the point in the image below, even after sitting for 2 hours. Is this a bug?

gleeda commented 7 years ago

The imageinfo plugin is only supposed to be used with Windows memory samples. Therefore it will not be useful to run on a Linux memory sample.

Try using the strings utility on Linux against the memory sample and grep for "BOOT_IMAGE" in order to get an idea of the profile:

$ strings -a Linux64.mem |grep BOOT_IMAGE
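The strings/grep step above only surfaces the text; what you actually want from it is the kernel release, which you then compare against the name of the Linux profile you built. The following script is an added example (not code from the Volatility project or from this thread) that does the same search directly in Python: it reads the image in overlapping chunks so a string straddling a chunk boundary is still found, pulls the release out of both the BOOT_IMAGE= kernel command line and the "Linux version ..." kernel banner, and returns the distinct releases seen. The memory contents are a constructed byte string that mimics what those two strings look like inside a real dump.

```python
import io
import re

# Constructed stand-in for a Linux memory image: padding around the two strings
# a kernel leaves in memory (its command line and its version banner).
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"BOOT_IMAGE=/boot/vmlinuz-4.4.0-112-generic root=UUID=1234-abcd ro quiet splash\x00"
    + b"\x00" * 32
    + b"Linux version 4.4.0-112-generic (buildd@lgw01-amd64-022) "
    + b"(gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.5) ) "
    + b"#135-Ubuntu SMP Fri Jan 19 11:48:36 UTC 2018\x00"
    + b"\x00" * 64
)

# Both patterns require a terminating whitespace/NUL so that a token cut off at
# the end of a chunk is not reported as a (truncated) hit.
BOOT_IMAGE_RE = re.compile(rb"BOOT_IMAGE=([^\s\x00]+)(?=[\s\x00])")
LINUX_VERSION_RE = re.compile(rb"Linux version ([0-9][^\s\x00]*)(?=[\s\x00])")


def find_kernel_hints(stream, chunk_size=4 * 1024 * 1024, overlap=1024):
    """Scan a binary file object for kernel identification strings.

    Returns {'boot_image': set of kernel paths, 'linux_version': set of releases}.
    The last `overlap` bytes of each chunk are prepended to the next one, so a
    string crossing a chunk boundary is seen whole at least once; sets absorb
    the duplicate hits that the overlap produces.
    """
    hints = {"boot_image": set(), "linux_version": set()}
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = tail + chunk
        for m in BOOT_IMAGE_RE.finditer(buf):
            hints["boot_image"].add(m.group(1).decode("ascii", "replace"))
        for m in LINUX_VERSION_RE.finditer(buf):
            hints["linux_version"].add(m.group(1).decode("ascii", "replace"))
        tail = buf[-overlap:]
    return hints


def kernel_releases(hints):
    """Collapse the hints into the sorted list of kernel releases they name.

    A BOOT_IMAGE path such as /boot/vmlinuz-4.4.0-112-generic carries the
    release after 'vmlinuz-'; the banner carries it directly. A profile built
    for the image should have been generated on a kernel with this release.
    """
    releases = set(hints["linux_version"])
    for path in hints["boot_image"]:
        m = re.search(r"vmlinuz-(.+)$", path)
        if m:
            releases.add(m.group(1))
    return sorted(releases)


if __name__ == "__main__":
    # Replace the BytesIO with open("Linux64.mem", "rb") for a real dump.
    hints = find_kernel_hints(io.BytesIO(SAMPLE_IMAGE))
    print("kernel command line images:", sorted(hints["boot_image"]))
    print("kernel releases:", kernel_releases(hints))
```

If the releases list is empty, the dump is either not a Linux image or the kernel text was not captured; if it holds more than one release, the image contains strings from more than one boot (or an initrd), and the banner hit is the one to trust.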

AnkitKundariya commented 7 years ago

Dear @gleeda, can you please explain to me in detail how exactly this command

$ strings -a Linux64.mem |grep BOOT_IMAGE

helps me to find the suggested profile for a Linux memory sample?

tommyob commented 5 years ago

I am having the same issue, only I know my image is a Windows Server 2012 image, which is compatible with Volatility because I ran volatility --info and Windows Server 2012 is listed as one of the compatible samples. Here is a screenshot of what I am seeing:


gaterunner341 commented 5 years ago

I'm having the same issue, Windows 10 Version 10.0.17134.858. Program hangs up on imageinfo.

cvnikhil000 commented 4 years ago

@gaterunner341 I too got the same issue after Volatility updated to 2.6. The profile option takes the build number of Windows 10, so run vol.exe --info | more. In the output you can see some Windows 10 profiles; in your case it looks like Win10x64_17134, so provide --profile=Win10x64_17134. If it doesn't work, then try one of the profiles instead of running imageinfo. If the suspect Windows machine is available to you, then in Run type "winver"; there you can see the Windows 10 build number.
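The comment above describes a manual procedure: read the Windows 10 build number (from winver or the image version, e.g. 10.0.17134.858), then scan `vol.exe --info | more` for a Win10 profile whose suffix is that build. The script below is an added example, not code from the Volatility project, that automates exactly that: it parses the Profiles section of --info output and ranks the Win10 profiles for a given build and architecture, listing an exact build match first and then lower builds as fallbacks to try, which is the "try one of the profiles" step in the comment. The --info text it parses is a constructed excerpt in the layout of that output, not a capture from a real run; the profile selected this way is only a candidate, and kdbgscan (suggested later in the thread) is the check that confirms it against the image.

```python
import re

# Constructed excerpt in the shape of `vol.py --info` output (not captured from
# a real run). Win10 profile names follow the Win10<arch>_<build> pattern the
# thread describes; the version in parentheses is the build the profile was made from.
SAMPLE_INFO_OUTPUT = """\
Volatility Foundation Volatility Framework 2.6

Profiles
--------
VistaSP0x64           - A Profile for Windows Vista SP0 x64
Win10x64_10586        - A Profile for Windows 10 x64 (10.0.10586.306 / 2016-04-23)
Win10x64_14393        - A Profile for Windows 10 x64 (10.0.14393.0 / 2016-07-16)
Win10x64_17134        - A Profile for Windows 10 x64 (10.0.17134.1 / 2018-04-11)
Win10x86_17134        - A Profile for Windows 10 x86 (10.0.17134.1 / 2018-04-11)
Win2012R2x64          - A Profile for Windows Server 2012 R2 x64
Win7SP1x64            - A Profile for Windows 7 SP1 x64

Address Spaces
--------------
AMD64PagedMemory              - Standard AMD 64-bit address space.
"""

PROFILE_LINE_RE = re.compile(r"^(\S+)\s+-\s+(.*)$")
WIN10_NAME_RE = re.compile(r"^Win10(x64|x86)_(\d+)$")


def parse_profiles(info_output):
    """Return {profile_name: description} from the Profiles section of --info output.

    The section starts at the 'Profiles' header, skips its dashed underline,
    and ends at the first blank line (the next section header follows it).
    """
    profiles = {}
    in_section = False
    for line in info_output.splitlines():
        if line.strip() == "Profiles":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-"):  # underline beneath the header
            continue
        if not line.strip():  # blank line closes the section
            break
        m = PROFILE_LINE_RE.match(line)
        if m:
            profiles[m.group(1)] = m.group(2)
    return profiles


def build_number(version):
    """Extract the build from a Windows version string: '10.0.17134.858' -> 17134."""
    parts = version.split(".")
    if len(parts) < 3 or not parts[2].isdigit():
        raise ValueError("expected a version like 10.0.17134.858, got %r" % version)
    return int(parts[2])


def candidate_win10_profiles(profiles, version, arch="x64"):
    """Rank Win10 profiles to try for a sample of the given version and architecture.

    Exact build matches come first; profiles for lower builds follow, nearest
    first, as fallbacks. Higher builds are excluded because their structure
    definitions postdate the sample's kernel.
    """
    build = build_number(version)
    known = []
    for name in profiles:
        m = WIN10_NAME_RE.match(name)
        if m and m.group(1) == arch:
            known.append((int(m.group(2)), name))
    exact = [name for b, name in known if b == build]
    lower = sorted((b, name) for b, name in known if b < build)
    return exact + [name for _, name in reversed(lower)]


if __name__ == "__main__":
    profiles = parse_profiles(SAMPLE_INFO_OUTPUT)
    print("profiles listed:", len(profiles))
    print("candidates for 10.0.17134.858 x64:", candidate_win10_profiles(profiles, "10.0.17134.858"))
```

On a real system, feed it the captured output (`vol.py --info > info.txt`) instead of the constructed string; an empty candidate list means the installed profile set has nothing for that build, which is the situation where imageinfo's guessing is slowest and kdbgscan is the better tool.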

jklipsch commented 3 years ago

Sadly, I am also having the same issue using the latest SIFT-Workstation...with Rekall no longer being dev'ed and now this not working...I'm running out of options.

atcuno commented 3 years ago

@gaterunner341 I would suggest kdbgscan instead of imageinfo. Also, if you know the profile already, what are you looking to gain from imageinfo?

atcuno commented 3 years ago

Sadly, I am also having the same issue using the latest SIFT-Workstation...with Rekall no longer being dev'ed and now this not working...I'm running out of options.

What is the OS version of the sample you are running imageinfo against? And how was the memory acquired?

nikitso commented 2 years ago

I'm having the same issue on any Windows 10 RAM image with size > 10 Gb; imageinfo never completes.

muteebarmaghan commented 1 year ago

I am having the same issue. I'm using Volatility 2.6 standalone for Windows, and it is taking too much time when I use the imageinfo plugin against a RAM dump (.mem image) of 64 GB. Even now it has been a whole day and it is still stuck there.

someone help me please...
