Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

no result when running imageinfo #622

Closed
WendyBaiYunwei opened this issue Jun 25, 2019 · 1 comment
Closed

no result when running imageinfo #622

WendyBaiYunwei opened this issue Jun 25, 2019 · 1 comment

Comments

@WendyBaiYunwei
Copy link

When I run imageinfo command on windows 10, 64 bits, standalone version, I cannot get any result. Here is the screenshot:
image

I am wondering whether my command is wrong, or my captured image has a problem.
I tried to capture the ram image in both raw and mem format. The tools I used were belkasoft and FTK imager. Both cannot work. I captured the image in a win 10 virtual machine with 1G ram, and transferred the image back to my host machine for analysis.
Please help. Thank you!
@atcuno
Copy link
Contributor

atcuno commented Nov 29, 2019

Hello,

First - the compiled version of Volatility (assuming you are using the one we distributed) is extremely old. You should instead use the latest version of Volatility from the GitHub master branch.

Second - If you have a VM then its best to capture using the virtual machine facilities.

Third - Both FTK Imager and Belkasoft are known to produce invalid memory samples from Windows 10 systems.

Please re-open this if you still have issues using the latest code and a better acquisition method.

@atcuno atcuno closed this as completed Nov 29, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@atcuno @WendyBaiYunwei