Install volatility 2: New method
1=>sudo apt install -y build-essential git libdistorm3-dev yara libraw1394-11 libcapstone-dev capstone-tool tzdata
2=>sudo apt install -y python2 python2.7-dev libpython2-dev
3=>curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
4=>sudo python2 get-pip.py
5=>sudo python2 -m pip install -U setuptools wheel
6=>python2 -m pip install -U distorm3 yara pycrypto pillow openpyxl ujson pytz ipython capstone
7=>sudo python2 -m pip install yara
8=>sudo ln -s /usr/local/lib/python2.7/dist-packages/usr/lib/libyara.so /usr/lib/libyara.so
9=>python2 -m pip install -U git+https://github.com/volatilityfoundation/volatility.git
volatility memory capture tools:
https://github.com/microsoft/avml
Old method:
step 1>git clone https://github.com/volatilityfoundation/volatility.git
step 2>sudo apt-get install pcregrep libpcre++-dev python-dev -y
step 3>cd volatility
step 4>sudo python setup.py install
step 5>python setup.py build
step 6>sudo python setup.py build install
step 7>sudo apt-get install yara -y
step 8>Copy the drive link>>https://drive.google.com/drive/folders/1S1Oo83VPGTK04mvLGhlIXmp20ak43R2K?usp=sharing
click the Download option as shown in my picture.
step 9>unzip the folder that you have downloaded. Then enter that folder.
step 10>Then open a terminal there.
step 11>cd distorm3
step 12>sudo python setup.py build
step 13>sudo python setup.py build install
step 14>tar -xvzf pycrypto-2.6.1.tar.gz
step 15>cd pycrypto-2.6.1
step 16>sudo python setup.py build
step 17>sudo python setup.py build install
step 18>vol.py -h
If the help text appears, volatility has been installed successfully.
Volatility GUI: https://www.osforensics.com/tools/volatility-workbench.html
[ The latest memory samples for analysis can be obtained here ]
Linux memory capture tool: https://github.com/microsoft/avml/releases
wget https://github.com/microsoft/avml/releases/download/v0.8.0/avml
usage: sudo ./avml memory.raw   (memory.raw is the output file name; run chmod +x avml first, since wget does not make the downloaded file executable)
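The capture step above is where a forensic practitioner wants two checks that the notes leave implicit: verify the downloaded avml binary before running it as root, and hash the resulting image so it can be tied to the case record. The script below is an added example, not part of the original notes or of the AVML project. The download URL is the one given above; the expected-hash value is a placeholder that must be replaced with the checksum published for the release; the function names (verify_sha256, record_hash, capture_memory) are my own, and sha256sum from coreutils is assumed to be present.

```shell
#!/bin/sh
# Added example (not from the original notes): fetch AVML, verify its
# SHA-256 before running it as root, capture memory, and record the
# image hash for chain of custody.
AVML_URL="https://github.com/microsoft/avml/releases/download/v0.8.0/avml"
AVML_SHA256="REPLACE_WITH_PUBLISHED_SHA256"   # placeholder, not a real hash

# verify_sha256 FILE EXPECTED -> returns 0 only if FILE's SHA-256 matches EXPECTED
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# record_hash FILE -> writes FILE.sha256 beside the file and prints the hex digest
record_hash() {
    sha256sum "$1" > "$1.sha256"
    cut -d' ' -f1 "$1.sha256"
}

# capture_memory OUT -> download avml if missing, verify it, dump physical memory to OUT
capture_memory() {
    out=$1
    [ -f ./avml ] || wget -q "$AVML_URL" -O ./avml
    if ! verify_sha256 ./avml "$AVML_SHA256"; then
        echo "avml hash mismatch, refusing to run it" >&2
        return 1
    fi
    chmod +x ./avml          # wget does not set the executable bit
    sudo ./avml "$out"       # dump of physical memory, as in the usage line above
    record_hash "$out"       # hash the image immediately after capture
}

# Run only when an output file name is given, e.g.  ./capture.sh memory.raw
if [ "$#" -ge 1 ]; then
    capture_memory "$1"
fi
```

Keeping the image hash in a separate .sha256 file next to the capture lets you re-run sha256sum -c later to prove the file handed to Volatility is the one that came off the machine.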
room solve: https://cyberdefenders.org/blueteam-ctf-challenges/78