Ubuntu 20.04 or Wnd...
 
Notifications
Clear all

Ubuntu 20.04 or Wndows Server hibinfo command

3 Posts
2 Users
0 Likes
1,043 Views
steveareno
(@it-dude)
Posts: 16
Eminent Member
Topic starter
 

Using Volatility 2.6 on Windows Server, with a 16 GB ram dump, I converted hyberfil.sys into an image file using imagecopy. The result was "--output-image=hiberSvr2019.img" which is 524,288 KB. I then attempted to use the hibinfo command using "volatility hibinfo -f C:\--output-image=hiberSvr2019.img --profile=Win2016x64_14393" and several different placements of the hibinfo command. I always get "ERROR : volatility.debug : Memory Image could not be identified or did not contain hiberation information" I have Volatility 3 Beta on my Ubuntu 20.04 PC so I did not test it on a beta yet. I am not using any VM. If anyone has been successful using hibinfo on Linux or Windows, please share the commands that worked. Thank you.

 
Posted : 30/01/2022 7:47 am
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Good question, but I have no clue and never done it with Volatility....because Hibernation Recon is working fine. So, if you do not make any progress here, you should try it.
Downloads | Arsenal Recon

regards,
Robin

 
Posted : 30/01/2022 3:48 pm
steveareno
(@it-dude)
Posts: 16
Eminent Member
Topic starter
 

@bunnysniper 

Thank you for the link. I have downloaded it before but never tried it.

 
Posted : 30/01/2022 11:00 pm
Share: