Help Command
Image Info: We often use imageinfo to identify the profile(s) of a forensic memory image but you can also get the information about the image date and time in UTC.
Once you've identified the right profile; in this case it's Win2008R2SP1x64. You can choose to set it as an environment variable:
export VOLATILITY_PROFILE=Win2008R2SP1x64
You can use unset command to remove it too:
unset VOLATILITY_PROFILE
export VOLATILITY_PROFILE=Win2008R2SP1x64
You can use unset command to remove it too:
unset VOLATILITY_PROFILE
RSS Feed