A Geek Raised by Wolves - February 14th, 2009

A Geek Raised by Wolves - February 14th, 2009

jessekornblum

[	website	\|	My Website	]
[	userinfo	\|	livejournal userinfo	]
[	archive	\|	journal archive	]

Links

[

Links:

Browse by Tag LiveJournal Portal Update Journal Logout

]

February 14th, 2009

Fixing the 'suspicious.py' Volatility module [Feb. 14th, 2009|11:06 am]

[

Tags

hacking, memory analysis

]

Several people have asked about the following error when using the suspicious.py plugin for Volatility:

Traceback (most recent call last):
  File "volatility", line 219, in 
    main()
  File "volatility", line 201, in main
    MemoryRegistry.Init()
  File "/Users/jessek/Volatility-1.3_Beta/forensics/registry.py", line 269, in Init
    OBJECT_CLASSES = VolatilityObjectRegistry(object2.Object)
  File "/Users/jessek/Volatility-1.3_Beta/forensics/registry.py", line 244, in __init__
    raise Exception("Object %s has already been defined by %s" % (obj,self.objects[obj]))
Exception: Object _EPROCESS has already been defined by class 'example3._eprocess'="'example3._EPROCESS'">

The error is caused by a collision of the _EPROCESS object in suspicious.py and example3.py. The easiest way to solve the problem is to remove example3.py from the memory_plugins directory.

Link 1 comment|Leave a comment

navigation

[	viewing	\|	February 14th, 2009	]
[	go	\|	Previous Day\|Next Day	]

Advertisement