I have had all modules attempted work for me on this image today. (Running under a Mac - Snow Leopard)
The image was created using the new version of win32dd. That puppy is FAST.
Here is my command line and error message:
commandme python volatility sockets -f cdavis-mem.dmp
/work/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
  import sha
The OS of the image is XP SP3. It is known to have Sinowal MBR root kit, and a new variant of Torpig. Naturally, I would love to see any open connections! :-)
Just thought I should report it. You folks have been so helpful in the past.
–Bruce D. Meyer
Hello Bruce,
I had the same error this morning. How did you manage to overcome it?
This is the error:
Desktop/Volatility-1.3_Beta/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
  import sha
I don't believe I ever did. I started using Mandiant 'Memoryze' and Mandiant 'AuditViewer'. They are free, and the newer versions are very useful. Now that FTK3.x handles volatile memory analysis, I don't use those tools anymore.
–Bruce