microsoft / avml

AVML - Acquire Volatile Memory for Linux


Request: have compressed images use a different extension that identifies them as being compressed

JeremyNGalloway opened this issue · comments

I've spent several hours troubleshooting my Volatility3 configuration, only to find that my memory capture (captured with AVML) was compressed, which is what was actually causing the problem.

After sharing my mistake with colleagues and other investigators, I was told by several people that they have done the exact same thing - wasted several hours of an investigation troubleshooting, only to find out that their image was compressed.

An issue has been opened with Volatility3 for better error handling of AVML-compressed images, but the issue is rooted in AVML.

If compressed image file names were appended with a different file extension, for example ".compressed", this would likely mitigate many user errors and also allow the maintainers of Volatility to more gracefully handle issues related to AVML-compressed images.

It's great to hear you are using avml but less good that you're experiencing issues during investigation.

AVML doesn't specify the filename or extensions used in the output file. The filename is required to be specified by the user (see usage).

I can update the example documentation to refer to .lime.compressed to make it more clear, but the extension is up to the user to provide.
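Since the extension is whatever the user typed, a quick header sniff before handing a capture to Volatility avoids the hours lost above. This is an added example, not code from AVML or Volatility: the 32-byte LiME header layout and magic 0x4C694D45 are the LiME format's; the AVML compressed magic 0x4C694D46 with version 2 is assumed from memory of AVML's src/image.rs and should be verified against the repository.

```python
import struct

# LiME header (32 bytes, little-endian): magic, version, start addr, end addr, reserved.
LIME_HEADER = struct.Struct("<IIQQQ")
LIME_MAGIC = 0x4C694D45  # bytes "EMiL" on disk; raw LiME, version 1
AVML_MAGIC = 0x4C694D46  # ASSUMPTION: AVML --compress block magic, version 2 (check avml/src/image.rs)


def classify_capture(head: bytes) -> str:
    """Return 'lime', 'avml-compressed' or 'unknown' from the first bytes of a capture."""
    if len(head) < LIME_HEADER.size:
        return "unknown"
    magic, version, start, end, _reserved = LIME_HEADER.unpack_from(head)
    if magic == LIME_MAGIC and version == 1 and end >= start:
        return "lime"
    if magic == AVML_MAGIC and version == 2 and end >= start:
        return "avml-compressed"
    return "unknown"


def check_file(path: str) -> str:
    """Sniff a capture on disk and warn when the name does not reveal compression."""
    with open(path, "rb") as f:
        kind = classify_capture(f.read(LIME_HEADER.size))
    if kind == "avml-compressed" and not path.endswith(".compressed"):
        print(f"warning: {path} is AVML-compressed; decompress it before loading in Volatility")
    return kind


# Constructed sample headers for offline testing (not real memory captures).
RAW_LIME = LIME_HEADER.pack(LIME_MAGIC, 1, 0x1000, 0x9FFFFF, 0) + b"\x00" * 16
COMPRESSED = LIME_HEADER.pack(AVML_MAGIC, 2, 0x1000, 0x9FFFFF, 0) + b"\x00" * 16

if __name__ == "__main__":
    print(classify_capture(RAW_LIME), classify_capture(COMPRESSED))
```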