I am using Ubuntu 20.04 with Autopsy-4.19.2 and a Belkasoft 16 GB RAM image (.mem). After starting a new case, I am not getting any errors with “Volatility Dump File Module”, “Volatility Convert Hiber/Crash Module” and “Volatility Module” selected, but there is no ingest activity bar progress. I left the three Volatility ingest modules selected and also Recent Activity, but I do not see any files in the entire tree view. I do have the Experimental Plugin installed. See my Ingest Inbox messages and please advise. Thank you.
How did you add the .mem data source to the case? What are the ingest options you used for each ingest module selected? Since you are running on Linux, the Volatility DSP will not function, since that is a Windows-only feature.
Mark,
Thank you for your fast reply. My module settings are in the screenshots.
The Select Data Source Type used is Memory Image File (Volatility).
I tried setting the Volatility Module Version to 2.6 and the Profile to Auto Detect; after running, the Volatility Module reverts back to Version 2.5 and Profile VistaSP0x64.
When you use those plugins you will need to add the image file as a logical data source and not a memory image. What version of Volatility are you using? This version of the plugins only supports versions 2.5 or 2.6 of Volatility.
That’s good to know. I am using Volatility 3; I will regress to 2.6 and not use the mem dump.