c-aff4
An AFF4 C++ implementation.
Error: StartService(), Cannot start the driver: A device attached to the system is not functioning.
Windows 10 x64 (Insider) Surface Book 2, 16GB RAM VSM enabled: Yes Cred. Guard enabled: Yes HVCI enabled: No ``` C:\Windows\Temp>winpmem.exe -o c:\Windows\Temp\test.dmp -ddd 2020-05-23 16:19:46 I This is The...
This patch fixes building on current macOS and adds support for automatically loading dependent striped image containers that are stored in the same folder as a container that has been...
I'm acquiring some files and all dates and times are being modified to the acquisition time. Shouldn't it be keeping the original creation/modification time?
Hello, I tried building c-aff4 from today's master branch head (657dc28b805a55e44696125e6b3627e64dfc653a) and hit a couple problems related to `libspdlog-dev`. Build environment: Decently-fresh Ubuntu 20.04 Desktop. First, it looks like `autoconf`...
I try to run linpmem against my Debian-based Kali Linux system with the goal of creating a memory-only dump for analysis in Volatility. If I choose any valid parameters...
In a previously closed thread found here: https://github.com/Velocidex/c-aff4/issues/25 It was identified as a commented out line that solved the dependency issue. There is a "linpmem.gz" attachment dated April 26, 2018...
When making an image and using snappy compression winpmem hangs. It works using default compression.
Sorry, wrong tool! This article refers to winpmem! The whole help is not ready for Windows command line version: a) help does not work with /? as expected in Windows...
d:\winpmem_v3.3.rc3.exe Image.mem -e PhysicalMemory -o Raw.img PARSING_ERROR: at zip.cc: 151 PARSING_ERROR: at aff4_imager_utils.cc: 249 2020-05-26 15:04:17 E Imaging failed with error: PARSING_ERROR
Cmd like this "winpmem_v3.3.rc3.exe -dd -o test.raw --format raw --volume_format raw", it's raw output. But if cmd like this "winpmem_v3.3.rc3.exe -dd -o - --format raw --volume_format raw", it is...