Mayank Joshi

How to know which debug symbol I should make to extract all information from a .dmp file using Volatility3

I have a .dmp file, which is a memory dump. I don't know what the OS and kernel were at the time the memory dump was taken, so I decided to run the banner plugin from Volatility3 on the .dmp file and got the results below.

Volatility 3 Framework 2.7.0
Progress:  100.00               PDB scanning finished
Offset  Banner

0xa5c7fc4       Linux version 4.4.0-63-generic (buildd@lgw01-03) (gcc versiosQPDiscardWhitespace
0xbfbffde       Linux version 3.8.13-35.1.2.el6uek
0xc013fed       Linux version 5.4.0
0xc019fab       Linux version 4.13.0-1019-gcp (buildd@lgw01-amd64-040) (gcc version 5.4.0 20160609 (U
0xce5efd1       Linux version 5.0.0-25-generic (buildd@lcy01-am(
0xcfbffc8       Linux version 4.18.0-1014-azure (buildd@lcy01-amd64-022)
0x1648efbe      Linux version 5.4.0-1015-gkeop (buildd@lgw01-amd64-022) (gcc versi
0x40c77f65      Linux version 4.2.0-27-generic (buildd@lcy01-23) (gcc version 4.8.2 (Ubuntu 4.8.2-19ubuntu1) ) #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 (Ubuntu
0x4b247f8f      Linux version 4.13.0-1022-oem (buildd@lcy01-amd64-010) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.9
0x54373f97      Linux version 4.4.7-4.4.y.20160412.ol6.x86_64 (mockbuild@x86-ol6-builder-04) (gcc version 4.4.6 20120305
0x6971ffaa      Linux version 4.14.133-88.112.amzn1.x86_64 (mockbuild@koji-pdx-corp-builder-64003) (gc
0x9ec80f75      Linux version 4.8.0-49-lowlatency (buildd@lcy01-26) (gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4) ) #52~16.04.1-Ubuntu SMP PRare
0xaf7d0faa      Linux version 4.4.0-109-generic (buildd@lgw01-amd64-038) (gcc version 5.4.0 20160609 (29726001000
0x1eaa00200     Linux version 5.15.0-88-generic (buildd@lcy02-amd64-058) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 (Ubuntu 5.15.0-88.98-generic 5.15.126)
0x1eca35778     Linux version 5.15.0-88-generic (buildd@lcy02-amd64-058) (gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 (Ubuntu 5.15.0-88.98-generic 5.15.126)

Now, to extract further information, I must make a custom debug symbol table, but I am confused about which kernel I should make it for.


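The banner scan reports every "Linux version" string it finds anywhere in physical memory, and a machine's RAM holds many that never belonged to the running kernel: fragments of old kernel images in the page cache, package and container-image caches, copied log files. The one Volatility3 needs is the banner of the kernel that was actually running, because it selects a Linux symbol table (ISF) by matching the banner stored in the table against the dump byte for byte. The script below is an added example, not part of the original post and not Volatility's own code. It parses the text shape of `banners.Banners` output, keeps only candidates whose banner is complete in the kernel's `init/version.c` form (`Linux version <release> (<user>@<host>) (<compiler>) #<build> ... <date>`, with balanced parentheses), ranks them by how often they repeat, names the release to build symbols for, shows the `dwarf2json` invocation for it, and checks a generated ISF's `linux_banner` constant against the dump. The abridged scan text, the ISF fragment and the Ubuntu dbgsym paths (`/usr/lib/debug/boot/vmlinux-<release>`, `/boot/System.map-<release>`) are constructed assumptions for the example.

```python
"""Pick the kernel release to build a Volatility3 ISF for from a banner scan.

Added example (not Volatility3 code). Assumes the input is the text printed by
`vol -f <dump> banners.Banners` and that a trustworthy banner has the form
produced by the kernel's init/version.c, optionally with a distro suffix.
"""
import base64
import re
from collections import Counter

# Constructed sample, abridged from the kind of scan in the question.
RUNNING_BANNER = (
    "Linux version 5.15.0-88-generic (buildd@lcy02-amd64-058) "
    "(gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) "
    "#98-Ubuntu SMP Mon Oct 2 15:18:56 UTC 2023 (Ubuntu 5.15.0-88.98-generic 5.15.126)"
)
TRUNCATED_BANNER = (
    "Linux version 4.2.0-27-generic (buildd@lcy01-23) (gcc version 4.8.2 "
    "(Ubuntu 4.8.2-19ubuntu1) ) #32~14.04.1-Ubuntu SMP Fri Jan 22 15:32:26 UTC 2016 (Ubuntu"
)
SAMPLE_SCAN = "\n".join([
    "Volatility 3 Framework 2.7.0",
    "Progress:  100.00               PDB scanning finished",
    "Offset  Banner",
    "",
    "0xa5c7fc4       Linux version 4.4.0-63-generic (buildd@lgw01-03) (gcc versiosQPDiscardWhitespace",
    "0xbfbffde       Linux version 3.8.13-35.1.2.el6uek",
    "0x40c77f65      " + TRUNCATED_BANNER,
    "0x1eaa00200     " + RUNNING_BANNER,
    "0x1eca35778     " + RUNNING_BANNER,
])
# Constructed ISF fragment in the shape dwarf2json emits for the linux_banner symbol
# (the constant is stored base64-encoded, including the trailing newline and NUL).
SAMPLE_ISF = {"symbols": {"linux_banner": {"constant_data": base64.b64encode(
    RUNNING_BANNER.encode() + b"\n\x00").decode()}}}

SCAN_LINE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(Linux version .*)$")
# release, user@host, compiler (may contain nested parens), then the build string
# with its #number and a weekday/month/day/time/zone/year date.
FULL_BANNER = re.compile(
    r"^Linux version (?P<release>\S+) \((?P<user>[^@\s]+)@(?P<host>[^)\s]+)\) "
    r"\((?P<compiler>.*)\) (?P<build>#\d+\S* .*\b(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) "
    r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \S+ \d{4}.*)$"
)


def parse_scan(text):
    """Return [(offset, banner), ...] for every hit line in the scan output."""
    hits = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line.strip())
        if m:
            hits.append((int(m.group(1), 16), m.group(2).rstrip()))
    return hits


def is_complete(banner):
    """True when the banner parses to the end and its parentheses balance.
    Fragments of cached files are usually cut off or garbled partway through."""
    return bool(FULL_BANNER.match(banner)) and banner.count("(") == banner.count(")")


def rank_candidates(text):
    """[(banner, hit_count), ...] best first. The running kernel's banner sits
    intact in .rodata and is also the first line printk'd into the log buffer,
    so it typically appears more than once."""
    return Counter(b for _, b in parse_scan(text) if is_complete(b)).most_common()


def chosen_release(text):
    """The release string to build the ISF for, or None if nothing is complete."""
    ranked = rank_candidates(text)
    return FULL_BANNER.match(ranked[0][0]).group("release") if ranked else None


def dwarf2json_command(release, debug_root="/usr/lib/debug/boot", boot="/boot"):
    """Command to run on a box with the matching debug kernel installed.
    Paths assume Ubuntu's linux-image-<release>-dbgsym layout; adjust per distro."""
    return ["dwarf2json", "linux",
            "--elf", f"{debug_root}/vmlinux-{release}",
            "--system-map", f"{boot}/System.map-{release}"]


def isf_banner_matches(isf, dump_banner):
    """Compare an ISF's linux_banner constant with a banner from the dump.
    A mismatch (different build, missing distro suffix) means Volatility3
    will not pick this table for the dump."""
    raw = base64.b64decode(isf["symbols"]["linux_banner"]["constant_data"])
    return raw.rstrip(b"\x00\n").decode() == dump_banner


if __name__ == "__main__":
    for banner, n in rank_candidates(SAMPLE_SCAN):
        print(f"{n}x  {banner}")
    rel = chosen_release(SAMPLE_SCAN)
    print("build symbols for:", rel)
    print(" ".join(dwarf2json_command(rel)))
    print("ISF matches dump banner:", isf_banner_matches(SAMPLE_ISF, RUNNING_BANNER))
```

The ranking is a heuristic, not proof: banner strings are plain text in memory, so treat the result as a hypothesis and confirm it by loading the generated ISF and checking that plugins such as `linux.pslist` return sane output. If no candidate is complete, the release in the most plausible fragment is still enough to locate the right distro kernel package, after which the banner embedded in that package's vmlinux can be compared against the dump with the same check.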