search

Memory

hashtag
Installing Vol 2,3

https://seanthegeek.net/1172/how-to-install-volatility-2-and-volatility-3-on-debian-ubuntu-or-kali-linux/arrow-up-right

hashtag
Installing Volatility

  • Python2

sudo apt install -y build-essential git libdistorm3-dev yara libraw1394-11 libcapstone-dev capstone-tool tzdata
sudo apt install -y python2 python2.7-dev libpython2-dev
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
sudo python2 get-pip.py
sudo python2 -m pip install -U setuptools wheel
python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
sudo python2 -m pip install yara
sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
python2 -m pip install -U git+https://github.com/volatilityfoundation/volatility.git

  • Python3

sudo apt install -y python3 python3-dev libpython3-dev python3-pip python3-setuptools python3-wheel
python3 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
python3 -m pip install -U git+https://github.com/volatilityfoundation/volatility3.git

hashtag
Convert between formats

The qemu-img convert command can do conversion between multiple formats, including qcow2, qed, raw, vdi, vhd, and vmdk.

Reference: https://docs.openstack.org/image-guide/convert-images.htmlarrow-up-right

hashtag
Create Volatility-2 Profile

  • Determine OS and Kernel version

Loading the profile

hashtag
Create volatility-3 Profile

Loading the profile

hashtag
Command history

  • Linux

hashtag
Credentials Hunting

  • Environment Variables

  • Lsass

  • Notepad

  • Clipboard

  • Browser Password Managers

  • Cookies

PreviousWindows LogsNextBrowser

Last updated