Cachedump, hashdump and lsadump don't run by default - Need help installing pycryptodome

[Promisecharles]

Running the command python3 -vol.py -h displays error message The following plugins could not be loaded (use -vv to see why): volatility3.plugins.windows.cachedump, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.lsadump

This error message displays at the end of the usage menu.

[ikelos]

Thanks, if you run it with vol.py -vv -h you should see that it says those particular plugins require a python package that isn't installed (crypto which, for various reasons, in pypi is called pycryptodome). This can be found as a requirement in the requirements.txt. For volatility to work correctly, you must also make sure you have pefile installed which is a hard dependency for the whole framework.

[Promisecharles]

I tried running the pip install -r requirements but i was still getting a message to install on a different VM

[ikelos]

Ok, well, you'll need to get pycryptodome installed, so that the python installation you run volatility with can see it. So either on your system's python path (or install it as a user with pip install --user ...).

We can't really help with specific operating systems since their pythons may be configured in different ways, but you might get better support by providing specific error messages? It's difficult to understand what "install on a different VM" means and it's not an error message I've ever heard of pip returning...

[warlocksmurf]

@Promisecharles you can just reinstall pycryptodome, usually works for me

[Promisecharles]

It worked. Thanks. problem Solved.