Utilizing Rekall in Windows - "Rekall Memory Forensics (Console)" Usage Problems


Matthew Grady

Dec 29, 2018, 8:18:41 PM
to rekall-discuss
Evening all!

Situation: I am attempting to analyze .mem and .vmem dumps but standard syntax I have seen in videos and documentation does not appear to be working.

I searched the group posts, and didn't see anything in the documentation or in general searches related to using the Rekall Console in Windows.

I have installed Rekall, and the most recent Python 3 packages, and I can successfully launch the "Rekall Memory Forensics (Console)" but from that point on functionality appears to be a problem for me.  That and I have little experience in using Rekall ever.

Does anyone have input in regards to what I am doing wrong or I am missing?

Thanks!


rekall.PNG

Michael Cohen

Dec 29, 2018, 8:21:26 PM
to rekall-...@googlegroups.com
You are trying to run shell commands from within the interactive console
session. The command you are using should be used in the cmd shell to
start rekall in order to get to the interactive console.
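To make the distinction in the reply above concrete, here is an added example (not from the thread or the Rekall project) of a small cmd.exe batch file that starts Rekall against an image, first non-interactively and then into the console. The install directory and the image path are assumptions to replace.

```batch
@echo off
REM Added example: launch Rekall from cmd.exe, not from inside the Rekall console.
REM Assumed install directory of the Windows installer (adjust to your system):
set PATH=%PATH%;C:\Program Files\Rekall
REM Placeholder image path (assumption, replace with your .mem or .vmem dump):
set IMAGE=C:\dumps\suspect.vmem

if not exist "%IMAGE%" (
    echo Memory image "%IMAGE%" not found.
    exit /b 1
)

REM Non-interactive use: name a plugin on the command line. Rekall runs it
REM against the image and exits; output is redirected to a file for review.
rekal -f "%IMAGE%" pslist > pslist.txt

REM Interactive use: omit the plugin to drop into the console. Once the prompt
REM shows the image name, plugins are called as Python functions, e.g.
REM     pslist()
REM     pstree()
REM Typing "rekal -f ..." at that prompt is what produces the error in the
REM original post, because the console is already running inside Rekall.
rekal -f "%IMAGE%"
```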

Matt G

Dec 29, 2018, 8:46:03 PM
to rekall-discuss
Sir,

I appreciate the quick reply.

So in this case I should be launching "cmd.exe", cd'ing my way to the correct file path and executing these commands then?

I guess in my ignorance I have to ask how I should be using the "Rekall Memory Forensics (Console)" that I can launch from Start Menu\Programs\Rekall Memory Forensics file path?  

I honestly apologize for my ignorance on the usage of Rekall.  The pure Windows install, not using python pip for example, doesn't have documentation I could find of use. I could be wrong of course but I have not had any luck in finding any to this point.

Thanks again.
