[Vol-users] Help with Volatility on Linux

Mike Auty mike.auty at gmail.com
Sat Nov 24 09:57:59 CST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hiya Scott,

You have to provide a profile in order to let volatility know you're
dealing with a linux system.  Volatility 2.2 assumes that if you don't
specify a profile you're dealing with a Windows XP system.  "python
vol.py -h" won't tell you about linux plugins if it thinks you're
dealing with a windows system because we've got too many plugins to
make the output useful.

You can list all the profiles your install of volatility knows about by
running "python vol.py --info".  If you don't have an Ubuntu profile,
you may have to make your own.  Instructions for making a profile for
linux can be found at [1].

Once you have your profile made, you can tell volatility to use it, by
always including "--profile=Linux<yourprofilename>" in your volatility
command line.  You can then use "python vol.py -h" to see all the
available linux plugins.

Please let us know how you get on and if you're still having problems
making use of the linux support in volatility 2.2...

Mike  5:)

[1] http://code.google.com/p/volatility/wiki/LinuxMemoryForensics
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)

iEYEARECAAYFAlCw7ocACgkQu7rWomwgFXpucgCePuMTPVMwlJnRD9cEy8BHifaT
uX8AoJcEvxLvUt1BeVP2hnUdJyGgvSFP
=j/7d
-----END PGP SIGNATURE-----

