Volatility on Ubuntu 20.04

I was doing some memory forensics and noticed that Volatility wasn’t available in the packages in Ubuntu 20.04. Here’s what I did to get it installed.

sudo apt update
sudo apt install -y python2 python-dev dwarfdump build-essential yara zip git
wget https://bootstrap.pypa.io/get-pip.py
sudo python2 get-pip.py
rm get-pip.py
sudo pip2 install pycrypto yara-python distorm3==3.4.4 # https://github.com/volatilityfoundation/volatility/issues/719
git clone https://github.com/volatilityfoundation/volatility.git 
cd volatility
sudo python2 setup.py install

Next, I made a profile for my system and placed its location within .volatilityrc. If you already have a .volatilityrc, this script will not clobber your settings and you should make the reflected changes manually.

cd tools/linux/
make
sudo zip $(lsb_release -i -s)_$(uname -r).zip ./module.dwarf /boot/System.map-$(uname -r)
mkdir ~/.volatility_plugins
cp $(lsb_release -is)_$(uname -r).zip ~/.volatility_plugins
if [ ! -e "$HOME/.volatilityrc" ]; then 
cat << __EOF__ > ~/.volatilityrc
[DEFAULT]
plugins=$HOME/.volatility_plugins
__EOF__
fi

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Share this:

Like this:

Leave a Reply Cancel reply