Report: Image Info

The 'front page' of the Project Freta report contains a number of global values obtained from the analysis of the target memory image.

Report Data: Image Info

Following are a set of values harvested at the instant the memory snapshot was taken of the centos 6 - 2.6.32-696.28.1.el6.x86_64 image from the samples gallery (requires authentication).

Image Info Report

The following table describes each column of the reported data.

Field Description Notes
Analysis Version Project Freta analysis engine version number The portal will advise you when a new version if available and you can resubmit
Kernel Extracted from the kernal image
VM Info - Name The snapshot file extension One of VMRS, LIME, CORE, or RAW
VM Info - Regions Memory regions available in the snapshot For example, this does not include memory reserved by hardware
Kernel ASLR Offset Size of kernel memory shift Changes with each reboot
CR3 CR3 register value Identifies location of the page tables, see this

Forensic Hints

Most of these data cannot be obtained from a running Linux system (save the kernel name using the uname -a command), so an internal-external comparison is not possible here.