Using Volatility 2.6.1 (latest build) on a memory dump (19041), hivelist and hivescan do not show anything. Other plugins like pslist, psscan, etc. work just fine with the same profile.
I have also verified the memory dump with volatility3 and it shows and can export the hives from the same dump file, so there are hives present in the dump. It also says it is a memory dump that has profile 19041.
Could it be some problem with the definitions inside the 19041 profile?
Hi,
Using Volatility 2.6.1 (latest build) on a memory dump (19041),
hivelistandhivescando not show anything. Other plugins likepslist,psscan, etc. work just fine with the same profile.I have also verified the memory dump with volatility3 and it shows and can export the hives from the same dump file, so there are hives present in the dump. It also says it is a memory dump that has profile 19041.
Could it be some problem with the definitions inside the 19041 profile?
Any ideas how to solve this?