Rename raw mode expert and provide more warnings around use of this format. Closes #111 #121
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
I am fine with making the warnings more verbose if that would be useful, but I am hesitant to agree to changing the value of the parameter. This would break all existing automation scripts and tooling. |
Contributor
Author
|
That makes sense. I'll remove those changes. |
NobodySpecial256
added a commit
to NobodySpecial256/LiME
that referenced
this pull request
Dec 19, 2024
Provide more warnings around use of this format. Closes 504ensicsLabs#111 (504ensicsLabs#121)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hello 👋
This PR renames the 'raw' mode to 'expert' and provides more warnings around it's use. There have been many issues with people attempting to analyze 'raw' formatted files with forensics tools such as volatility and failing because the memory is no longer aligned.
The existing warnings already explain this but it seems to be overlooked. By making the warnings even more verbose and making the option called expert hopefully that will deter normal users - while still allowing experts that wish to use this format if they wish.
🦊