volatility

Ubuntu 下安装 Volatility

apt-get install -y volatility
apt-get install -y python-dev
apt-get install -y python3-dev
python2 -m pip install distorm3 yara pycrypto openpyxl ujson pil
python2 -m pip install Crypto
python2 -m pip install pycryptodome
python2 -m pip install pytz
python2 -m pip install Pillow

cd /tmp
git clone https://github.com/gdabah/distorm
cd distorm
python2 -m pip install distorm3

volatility --info

kali 下安装 Volatility

cd /tmp
wget https://bootstrap.pypa.io/get-pip.py
python2 get-pip.py
python2 -m pip install --upgrade pip
apt-get install -y python-dev
apt-get install -y python3-dev

cd /tmp
git clone https://github.com/gdabah/distorm
cd distorm
python2 -m pip install distorm3

cd
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py build
python setup.py install
python2 -m pip install distorm3 yara pycrypto openpyxl ujson pil
python2 -m pip install Crypto
python2 -m pip install pycryptodome
python2 -m pip install pytz
python2 -m pip install Pillow

python vol.py --info

centos 下安装 Volatility

yum install -y kernel-devel
yum install -y make gcc gcc-c++
yum groupinstall -y "Development Tools"
yum install -y yum-utils
yum install -y pcre-devel libpcre++-devel python-devel pycrypto

pip install --upgrade pip
python2 -m pip install distorm3==3.4.4
python2 -m pip install yara pycrypto openpyxl ujson pil
python2 -m pip install Crypto
python2 -m pip install pycryptodome
python2 -m pip install pytz
python2 -m pip install Pillow

cd
git clone https://github.com/volatilityfoundation/volatility.git
cd volatility
python setup.py build
python setup.py install

python vol.py --info

windows 下安装 Volatility

windows 比较容易,直接访问官网下载二进制文件即可 https://www.volatilityfoundation.org/releases

使用命令

查看内存镜像的系统版本：

volatility -f 【文件名】 imageinfo