Skip to content

blacowhait/Vola-profile

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
Ubuntu18.04.6-4.15.0-163-generic.zip
Ubuntu18.04.6-4.15.0-163-generic.zip
 
 

Repository files navigation

Repo for volatility profile i was made

i make volatility profile with 2 method:

  1. Docker
  2. Manual

Docker

build docker image with target linux and kernel version. I learn this from hanasuru Github

  1. Make Dockerfile
FROM <DISTRO>:<TAG-VERSION> # distro or target OS
RUN apt update

# install kernel 
RUN apt -y install linux-tools-<KERNEL-VERSION>
RUN apt -y install linux-headers-<KERNEL-VERSION>
RUN apt -y install linux-modules-<KERNEL-VERSION>

RUN apt -y install zip git build-essential dwarfdump
RUN git clone https://github.com/volatilityfoundation/volatility.git
RUN sed -i 's/\$(shell uname -r)/"<KERNEL-VERSION>"/' volatility/tools/linux/Makefile
RUN cd volatility/tools/linux/ && make
RUN zip /<DISTRO-VERSION>-<KERNEL-VERSION>.zip volatility/tools/linux/module.dwarf /boot/System.map-<KERNEL-VERSION>
  1. Build docker and get vola profile
docker build -t volatility:<DISTRO-VERSION> .
docker run --name profile volatility<DISTRO-VERSION>
docker cp profile:<DISTRO-VERSION>-<KERNEL-VERSION>.zip /root/<DISTRO-VERSION>-<KERNEL-VERSION>.zip
  1. Move profile to volatility folder
  2. for example Dockerfile and example another distro
FROM alpine:3.12.6

RUN echo "http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/main" >> /etc/apk/repositories
RUN echo "http://dl-cdn.alpinelinux.org/alpine/v$(cat /etc/alpine-release | cut -d'.' -f1,2)/community" >> /etc/apk/repositories
RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories

RUN apk update
RUN apk add zip git gcc libgcc make  libdwarf-dev  dwarf-tools  libdwarf 
RUN apk add linux-lts-dev linux-lts

RUN git clone https://github.com/volatilityfoundation/volatility.git
RUN sed -i 's/$(shell uname -r)/5.4.143-0-lts/' volatility/tools/linux/Makefile
RUN cd volatility/tools/linux/ && make
# RUN ls -lah /boot
RUN zip /profile.zip volatility/tools/linux/module.dwarf /boot/System.map-lts

Manual

use virtualBox with target linux version

git clone https://github.com/volatilityfoundation/volatility.git
cd volatility/tools/linux/ && make
cd ../../../
zip $(lsb_release -i -s)_$(uname -r)_profile.zip ./volatility/tools/linux/module.dwarf /boot/System.map-$(uname -r)
rm -rf ./volatility

if kernel version doesnt match, just use

sudo apt install <KERNEL-VERSION>

About

Volatility Profile & How To Make Volatility Profile

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages