
"Sockets" error

(@bdmeyer)
Eminent Member
Joined: 16 years ago
Posts: 36
Topic starter  

I have had all modules attempted work for me on this image today. (Running under a Mac - Snow Leopard)
The image was created using the new version of win32dd. That puppy is FAST.

Here is my command line and error message:

commandme python volatility sockets -f cdavis-mem.dmp
/work/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
import sha

The OS of the image is XP SP3. It is known to have Sinowal MBR root kit, and a new variant of Torpig. Naturally, I would love to see any open connections! :-)

Just thought I should report it. You folks have been so helpful in the past.

–Bruce D. Meyer


   
 moss
(@moss)
New Member
Joined: 15 years ago
Posts: 1
 

Hello Bruce,
I had the same error this morning. How did you manage to overcome it?
This is the error:
Desktop/Volatility-1.3_Beta/Volatility-1.3_Beta/forensics/win32/crashdump.py:31: DeprecationWarning: the sha module is deprecated; use the hashlib module instead
import sha


   
(@bdmeyer)
Eminent Member
Joined: 16 years ago
Posts: 36
Topic starter  

I don't believe I ever did. I started using Mandiant 'Memoryze' and Mandiant 'AuditViewer'. They are free, and the newer versions are very useful. Now that FTK3.x handles volatile memory analysis, I don't use those tools anymore.

–Bruce


   