For a high level summary of the memory sample you're analyzing, use the imageinfo command. Most often this command is used to identify the operating system, service pack, and hardware architecture (32 or 64 bit), but it also contains other useful information such as the DTB address and time the sample was collected.

    $ python vol.py -f ~/Desktop/win7_trial_64bit.raw imageinfo
    Volatility Foundation Volatility Framework 2.4
    Determining profile based on KDBG search.
    Suggested Profile(s) : Win7SP0x64, Win7SP1x64, Win2008R2SP0x64, Win2008R2SP1x64
    AS Layer2 : FileAddressSpace (/Users/Michael/Desktop/win7_trial_64bit.raw)

The imageinfo output tells you the suggested profile that you should pass as the parameter to --profile=PROFILE when using other plugins.
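An added example, not from the original page or the Volatility project: a small Python parser for the imageinfo output quoted above that extracts the suggested profiles and builds the follow-up plugin command with --profile. The second sample header, the pslist plugin choice, the image file name and all function names are assumptions made for illustration.

```python
import re
import shlex

# Constructed sample: the imageinfo lines quoted on this page, plus a second
# constructed header with the "(Instantiated with ...)" suffix that
# Volatility 2 can append to the profile list.
SAMPLE = """\
Volatility Foundation Volatility Framework 2.4
Determining profile based on KDBG search.
          Suggested Profile(s) : Win7SP0x64, Win7SP1x64, Win2008R2SP0x64, Win2008R2SP1x64
                     AS Layer2 : FileAddressSpace (/Users/Michael/Desktop/win7_trial_64bit.raw)
"""
SAMPLE_XP = "Suggested Profile(s) : WinXPSP2x86, WinXPSP3x86 (Instantiated with WinXPSP2x86)\n"

FIELD = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*\S)\s*$")
PROFILE = re.compile(r"^[A-Za-z0-9_]+$")  # profile names are plain identifiers


def parse_imageinfo(text):
    """Return the 'key : value' fields of imageinfo output as a dict."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:  # banner and progress lines have no colon and are skipped
            fields.setdefault(m.group("key"), m.group("value"))
    return fields


def suggested_profiles(text):
    """Profile names in the order imageinfo listed them."""
    raw = parse_imageinfo(text).get("Suggested Profile(s)", "")
    raw = re.sub(r"\(Instantiated with [^)]*\)", "", raw)
    names = [p.strip() for p in raw.split(",") if p.strip()]
    bad = [p for p in names if not PROFILE.match(p)]
    if bad:  # refuse anything that does not look like a profile name
        raise ValueError("unexpected profile token(s): %r" % bad)
    return names


def plugin_command(image, profile, plugin):
    """Build 'vol.py -f IMAGE --profile=PROFILE PLUGIN' as an argv list."""
    if not PROFILE.match(profile):
        raise ValueError("bad profile name: %r" % profile)
    return ["python", "vol.py", "-f", image, "--profile=" + profile, plugin]


if __name__ == "__main__":
    for prof in suggested_profiles(SAMPLE):  # one candidate command per profile
        argv = plugin_command("win7_trial_64bit.raw", prof, "pslist")
        print(" ".join(shlex.quote(a) for a in argv))
```

imageinfo lists several candidate profiles, so the script prints one command per candidate and leaves the choice to the analyst. Returning an argv list keeps text derived from an untrusted image out of a shell string.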