Well, we *do* have the address space for it, but it relies on the ewf library. I don't remember off the top of my head all the details of installing it properly on Windows. I remember some sort of pain though.
-- Jamie Levy (@gleeda) > On Aug 16, 2016, at 11:03 AM, Tom Yarrish <[email protected]> wrote: > > IIRC volatility should be able to handle an E01 file natively now (unless > that's a *nix only thing). But another option would be either 1) Arsenal > Image Mounter (which works much better than FTK, EnCase, etc IMO) or 2) Use > FTK to covert the E01 image to a RAW image file and then just run that > through volatility. > > Thanks, > Tom > > > PGP Key ID - B32585D0 > >> On Tue, Aug 16, 2016 at 2:39 PM, Bridgey theGeek <[email protected]> >> wrote: >> Hi all, >> >> Because the universe hates me, I've been given an E01 of a RAM dump (from >> Win7SP1x64) and I have to use Windows to run Volatility. >> >> I have p99 of tAoMF in front of me. >> >> I tried the "Mount in FTK Imager and point to Z:\unallocated space" thing, >> but pslist showed only 1 entry which looked very corrupt. >> >> I don't have access to EnCase to mount it from there. >> >> So I'd like to use libewf. But can I even use it on Windows?? If I compile >> the library, how do I tell Volatility about the libewf.dll? >> >> >> Basically, how do I use Volatility with libewf on Windows? >> >> Thank you, >> Adam >> >> _______________________________________________ >> Vol-users mailing list >> [email protected] >> http://lists.volatilesystems.com/mailman/listinfo/vol-users > > _______________________________________________ > Vol-users mailing list > [email protected] > http://lists.volatilesystems.com/mailman/listinfo/vol-users
_______________________________________________ Vol-users mailing list [email protected] http://lists.volatilesystems.com/mailman/listinfo/vol-users
