I heard that Volatility can be used as a forensic tool as an option of Cuckoo, so I installed it, and this is my memo of the process. To be honest, I had no particular problems apart from Yara.
Some of the packages are already installed as part of installing Cuckoo and so on, but since some people use Volatility on its own, I will write down both cases. (Note that the googlecode.com download URLs used below no longer resolve, since Google Code has been shut down; distorm3 is now available from PyPI and Volatility from the Volatility Foundation's GitHub, and the build steps are the same.)
#For Cuckoo
$ sudo apt-get install pcregrep libpcre++-dev
#For Volatility only
$ sudo apt-get install python python-pip unzip subversion pcregrep libpcre++-dev python-dev
$ sudo pip install pycrypto
$ wget https://distorm.googlecode.com/files/distorm3.zip
$ unzip distorm3.zip
$ cd distorm3/
$ python setup.py build
$ sudo python setup.py build install
For installing Yara, see my separate post, "Yara error when running Cuckoo Sandbox", where I wrote it up.
$ wget https://volatility.googlecode.com/files/volatility-2.3.1.tar.gz
$ tar zxvf volatility-2.3.1.tar.gz
$ cd volatility-2.3.1/
$ python setup.py build
$ sudo python setup.py build install
Finally, the installation is OK if you get the following standard output. If the output contains a line such as "Failed to ...", something has failed (usually a missing dependency such as distorm3 or Yara), so go back over the procedure.
$ python vol.py -h
Volatility Foundation Volatility Framework 2.3.1
Usage: Volatility - A memory forensics analysis platform.
Options:
-h, --help list all available options and their default values.
Default values may be set in the configuration file
(/etc/volatilityrc)
(Omitted below)
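As an added example (not part of the original memo), the check above can be scripted so that it also confirms the Python modules the procedure installs. It assumes the interpreter name and the path to vol.py are passed in by the caller; `Crypto` is the import name of pycrypto and `yara` that of the Yara Python binding.

```shell
#!/bin/sh
# Added example: post-install sanity checks for the Volatility 2.3.1 procedure.
# Assumes the caller supplies the Python interpreter and the path to vol.py.

# Return 0 if the given interpreter can import the module, 1 otherwise.
check_py_module() {
    interp="$1"
    module="$2"
    "$interp" -c "import $module" >/dev/null 2>&1
}

# Inspect captured "vol.py -h" output stored in the file given as argument.
# The memo's rule: any "Failed to ..." line means the install is broken;
# otherwise the Volatility banner line must be present.
check_vol_output() {
    out="$1"
    if grep -q 'Failed to' "$out"; then
        echo "volatility: reported a failure:" >&2
        grep 'Failed to' "$out" >&2
        return 1
    fi
    if grep -q '^Volatility Foundation Volatility Framework' "$out"; then
        return 0
    fi
    echo "volatility: banner not found in output" >&2
    return 1
}

# Run every check. Usage: run_checks python /path/to/vol.py
run_checks() {
    interp="$1"
    volpy="$2"
    rc=0
    for m in distorm3 Crypto yara; do   # Crypto is pycrypto's import name
        if check_py_module "$interp" "$m"; then
            echo "ok      import $m"
        else
            echo "MISSING import $m"
            rc=1
        fi
    done
    tmp=$(mktemp)
    # vol.py prints import failures to stderr, so capture both streams.
    "$interp" "$volpy" -h >"$tmp" 2>&1 || true
    if check_vol_output "$tmp"; then
        echo "ok      vol.py -h"
    else
        echo "FAIL    vol.py -h"
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

Run it from the unpacked source directory as `run_checks python ./vol.py`; a non-zero exit code means at least one dependency or the vol.py banner check failed, and the offending "Failed to" lines are echoed to stderr so you can see which module is missing.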