You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
So dumpfiles walks the pages that make up the contents of the stored file, whereas filescan just reads the Size member of the fileobject. This is a short and therefore will not be able to talk about files larger than 65535 bytes anyway. Looks like to get the accurate size we'll need to do the same thing as dumpfiles to walk the pages...
Describe the bug
windows.filescan
reports all files to be of size216
Context
Volatility Version: 2.5.0
Operating System: Ubuntu 22.04
Python Version: 3.10.12
Suspected Operating System: Windows 10
Command:
vol -f /mnt/d/Projects/dump.raw windows.filescan
To Reproduce
Run the plugin on any dump for windows 10
vol -f /mnt/d/Projects/dump.raw windows.filescan
Expected behavior
The correct Size is reported
Example output
Additional information
Dump files correctly saves and extracts the correct size of file object
The text was updated successfully, but these errors were encountered: