[Vol-users] Need help: Can anyone provide information about plug-ins for volatility framework, especially used for Linux

Jamie Levy jamie.levy at gmail.com
Sat Jan 2 18:04:07 CST 2010


Hi Yuhang,

Welcome to the Volatility users list!  While you have been pointed to
a wiki of all publicly maintained plugins, some of the Linux code may
not be so easy to find.  The Linux code for the DFRWS 2008 Forensic
Challenge is located in the PyFlag repository:

http://www.pyflag.net/pyflag/src/plugins/MemoryForensics/Volatility-1.3_Linux_rc.1/

Further details are available here:

http://volatilesystems.blogspot.com/2008/07/linux-memory-analysis-one-of-major.html

Some Linux code has been pulled into the 1.4_beta1 branch of the
Volatility SVN repository which you can browse at the following:

http://code.google.com/p/volatility/source/browse/#svn/branches/Volatility-1.4_beta1

or download:

svn checkout http://volatility.googlecode.com/svn/branches/Volatility-1.4_beta1/ volatility

This branch may not be stable, but you can have a look at the Linux
plugins.  If you need more help feel free to visit the #volatility
channel on freenode (IRC).

All the best,

-Jamie



> Date: Fri, 1 Jan 2010 20:08:32 +0800
> From: yuhang gao <rainman1919 at gmail.com>
> Subject: [Vol-users] Need help: Can anyone provide information about
>        plug-ins for volatility framework, especially used for Linux
> To: vol-users at volatilityfoundation.org
>
> Dear developers,
> I would like to work on the memory forensics of Linux and I know many
> researchers have written plug-ins for volatility framework. I'd
> appreciate anyone who provides me with information about them,
> especially plug-ins for Linux. I am going to write some ones, so your
> kindness would help me save a lot of time.
> Thanks a lot.
> Yuhang Gao

