[Vol-dev] A few questions
AAron Walters
awalters at 4tphi.net
Tue May 13 19:35:15 CDT 2008
Tim,
Thanks for the email. We are always excited to help people get involved
with the project. Contributions are always encouraged and appreciated!
> However, I have run into a problem. I'm trying to get familiar with
> the tools using the Windows XP images available in:
> http://www.cfreds.nist.gov/mem/memory-images.rar
Sorry you have caught us in the midst of a transition. We will soon be
releasing a lot of new functionality with Volatility 1.3. I believe the
error message you are getting has been fixed in the upcoming release. If
you are interested, we can send you a newer version from the 1.2 branch to
test.
Could you possibly provide us some information about the system you are
running Volatility on? Version of Python? Hardware architecture
(64/32-bit)? OS? We are unable to generate the same error when processing
that image using Volatility 1.1.1.
> Since I'm running Volatility 1.1.1, I'd guess that this may have already
> been fixed in 1.2.* or 1.3.*. I've read through all of the mailing list
> archives and scoured your project site, but I can't seem to find those
> newer versions for download. Perhaps I'm just totally missing
> something. Could someone point me in the right direction to get the
> latest version? SVN or other development repository would be fine, I
> don't mind messing with bleeding edge stuff.
The 1.2 version was never officially released. It was only made available
to users who were experiencing bugs with 1.1.1 or had feature requests. We
would be more than happy to send you an updated version, if you are
interested. The next official release will be 1.3.
> The second reason for my post is that I'll be giving an introductory
> training course on incident response and digital forensics next month,
> and I had considered introducing students to volatility and other memory
> analysis tools. Do you folks have suggestions as to which features of
> volatility would be the best to showcase in that type of setting?
We would also be more than happy to provide suggestions. What type of
audience are you expecting? Are you planning to do some kind of demo or
walk through an example scenario? There will also be a number of features
in Volatility 1.3 that they will find very interesting. If you are an IRC
user, you may also consider logging into the #volatility channel on
freenode. On that channel, you will find the developers of all the memory
analysis tools.
Thanks,
AW