Report: Image Info
The 'front page' of the Project Freta report contains a number of global values obtained from the analysis of the target memory image.
Report Data: Image Info
Following are a set of values harvested at the instant the memory snapshot was taken of the centos 6 - 2.6.32-696.28.1.el6.x86_64 image from the samples gallery (requires authentication).
The following table describes each column of the reported data.
| Field | Description | Notes |
|---|---|---|
| Analysis Version | Project Freta analysis engine version number | The portal will advise you when a new version if available and you can resubmit |
| Kernel | Extracted from the kernal image | |
| VM Info - Name | The snapshot file extension | One of VMRS, LIME, CORE, or RAW |
| VM Info - Regions | Memory regions available in the snapshot | For example, this does not include memory reserved by hardware |
| Kernel ASLR Offset | Size of kernel memory shift | Changes with each reboot |
| CR3 | CR3 register value | Identifies location of the page tables, see this |
Forensic Hints
Most of these data cannot be obtained from a running Linux system
(save the kernel name using the uname -a command), so an
internal-external comparison is not possible here.