volatilityfoundation / volatility

An advanced memory forensics framework
http://volatilityfoundation.org/
GNU General Public License v2.0

volatility 2 or 3 linux profile for linux version 5.4.0-33-generic #860

Closed indtia closed 9 months ago

indtia commented 10 months ago

I am working on my research project and have to parse memory dumps taken from Linux version 5.4.0-33-generic. The exact output of the banner command is:

PS C:\Users\INDERJEET HP\Desktop\volatility3\volatility3-2.4.1> python3 vol.py -f "D:\DumpDataset\extract attack dumps\5_1604625601.mem" banner
Volatility 3 Framework 2.4.1
Progress: 100.00 PDB scanning finished
Offset Banner

0xa0001a0 Linux version 5.4.0-33-generic (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 (Ubuntu 5.4.0-33.37-generic 5.4.34)
0x250173a8 Linux version 5.4.0-33-generic (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 (Ubuntu 5.4.0-33.37-generic 5.4.34)

It would be great if someone who has created a Linux profile for the above kernel version, for use in Volatility 2.6.1 or Volatility 3, could share it. Thanks.

Abyss-W4tcher commented 10 months ago

Hello, you can try the Volatility 2 profile here: https://github.com/Abyss-W4tcher/volatility2-profiles/tree/master/Ubuntu/amd64/5.4.0/33/generic

indtia commented 9 months ago

Hello, thank you so much for your response. I used the profiles and it worked; I really appreciate your work.
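The banner output quoted in the issue already carries everything needed to pick a matching profile: the release string (5.4.0-33-generic, what uname -r would print on the imaged host), the build number (#37) and the Ubuntu package version. The following added example (not part of the thread, and not code from the Volatility project or the profile repository) parses the two hits quoted above, checks that they describe the same kernel, and assembles the Ubuntu/amd64/5.4.0/33/generic directory layout used by the profile repository linked in the reply. The regular expression and the arch parameter are assumptions of the example: the banner does not state the CPU architecture (the "amd64" in the builder hostname is not authoritative), so the caller supplies it.

```python
"""Parse Volatility 3 `banner` plugin output and derive a profile lookup path.

Added example for this issue thread; not code from the Volatility project.
"""
import re
from dataclasses import dataclass

# Constructed sample: the two banner hits quoted in the issue, one per line,
# in the "<offset> <banner>" form the Volatility 3 `banner` plugin prints.
SAMPLE_BANNER_OUTPUT = """\
0xa0001a0 Linux version 5.4.0-33-generic (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 (Ubuntu 5.4.0-33.37-generic 5.4.34)
0x250173a8 Linux version 5.4.0-33-generic (buildd@lcy01-amd64-022) (gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)) #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020 (Ubuntu 5.4.0-33.37-generic 5.4.34)
"""

# Assumed layout of the kernel's linux_banner string:
# "Linux version <release> (<builder>) (<compiler>) #<build><tags> <flags/date> (<package>)"
BANNER_RE = re.compile(
    r"^(?P<offset>0x[0-9a-fA-F]+)\s+Linux version "
    r"(?P<release>(?P<base>\d+\.\d+\.\d+)-(?P<abi>\d+)-(?P<flavour>[A-Za-z0-9_-]+))\s+"
    r"\((?P<builder>[^)]*)\)\s+"
    r"\((?P<compiler>.*?)\)\s+"      # non-greedy: ends at the ')' that precedes ' #'
    r"#(?P<build>\d+)(?P<tags>\S*)\s+"
    r"(?P<rest>.*?)\s*"
    r"\((?P<package>[^()]*)\)\s*$"
)


@dataclass(frozen=True)
class KernelBanner:
    offset: int       # physical offset of the hit in the dump
    release: str      # "5.4.0-33-generic"
    base: str         # "5.4.0"
    abi: str          # "33"
    flavour: str      # "generic"
    build: str        # "37"
    compiler: str     # "gcc version 9.3.0 (Ubuntu 9.3.0-10ubuntu2)"
    package: str      # "Ubuntu 5.4.0-33.37-generic 5.4.34"

    @property
    def distro(self) -> str:
        # First word of the trailing package field ("Ubuntu ...") on Ubuntu kernels.
        return self.package.split()[0]


def parse_banner_line(line: str) -> KernelBanner:
    """Parse one "<offset> Linux version ..." line; raise on anything else."""
    m = BANNER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a banner line: {line!r}")
    return KernelBanner(
        offset=int(m["offset"], 16),
        release=m["release"], base=m["base"], abi=m["abi"], flavour=m["flavour"],
        build=m["build"], compiler=m["compiler"], package=m["package"],
    )


def parse_banner_output(text: str) -> list:
    """Parse every hit, skipping the framework/progress/header lines the plugin prints."""
    return [parse_banner_line(ln) for ln in text.splitlines() if BANNER_RE.match(ln.strip())]


def banners_agree(hits) -> bool:
    """True when every hit names the same release and build number.

    A mismatch means the dump holds banner strings from more than one kernel,
    so the profile must be chosen by hand rather than from the first hit.
    """
    return len({h.release for h in hits}) == 1 and len({h.build for h in hits}) == 1


def profile_path(hit: KernelBanner, arch: str = "amd64") -> str:
    """Assumed layout of the profile repository linked in the thread:
    <Distro>/<arch>/<base>/<abi>/<flavour>. Architecture is a caller-supplied
    parameter because the banner does not state it."""
    return "/".join([hit.distro, arch, hit.base, hit.abi, hit.flavour])


if __name__ == "__main__":
    hits = parse_banner_output(SAMPLE_BANNER_OUTPUT)
    for h in hits:
        print(f"{h.offset:#x}  {h.release}  build #{h.build}  ({h.package})")
    print("hits consistent:", banners_agree(hits))
    print("profile directory:", profile_path(hits[0]))
```

Feed the parser the full stdout of the banner run (the Framework and Progress lines are ignored) and compare the assembled path against the directory tree of the profile repository; if banners_agree returns False, inspect each offset before trusting any single hit.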