"The Volatility Framework is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples." (Volatility GitHub)
Kali Linux has dropped Volatility from its new release, so you can no longer install it with the usual apt-get install. You can get the source from the Volatility Foundation releases page at https://www.volatilityfoundation.org/releases (GitHub has installation info as well), but when you start running it you will see many errors pop up. This is mainly because the Python 2 interpreter Volatility needs is no longer available in the new Debian base, and because of missing dependencies.
It took me a few hours of fiddling around with various package installs and reading through many posts, but this is the method I was able to test and get working.
Big thanks to Jason @ Jase IT and whoever posted how to install python2 at https://stackoverflow.com/questions/61981156/unable-to-locate-package-python-pip-ubuntu-20-04
sudo su
apt-get update
### Install python2
apt install python2
### Install pip2
curl https://bootstrap.pypa.io/get-pip.py --output get-pip.py
python2 get-pip.py
If an error occurs, run the command below and then run python2 get-pip.py again:
curl https://bootstrap.pypa.io/2.7/get-pip.py --output get-pip.py
### Install python3
apt install python3
### Install pip3
apt install python3-pip
### Install dependencies
apt-get install pcregrep libpcre++-dev python-dev -y
### Upgrade setuptools
pip2 install --upgrade setuptools (make sure it is dash dash before upgrade setuptools, NOT a single dash or an en dash)
### Install pip dependencies
pip2 install pycrypto
pip2 install distorm3
### Download and extract Volatility from https://www.volatilityfoundation.org/releases, listed as "Source Code"
### cd into the extracted source code directory
python2 setup.py install (use python2 explicitly, since the plain python command may not exist on the new release)
python2 vol.py -h to see more info
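The steps above as a small helper script with preflight checks and a guard against the en-dash problem that bites when the commands are copied from a web page. This is an added example, not part of the original post; the function names and the --run flag are my own, while the URLs and packages are the ones the post uses.

```shell
#!/bin/sh
# Added helper (not from the original post): the post's install steps as
# functions, plus preflight checks. Function names and the --run flag are
# my own; the URLs and packages are the ones the post uses.
set -eu

# Return 0 if a command is on PATH.
has_cmd() { command -v "$1" >/dev/null 2>&1; }

# Blog software often turns "--" into an en dash (U+2013, bytes E2 80 93);
# pip then fails with "Invalid requirement: '\xe2\x80\x93upgrade'".
# Print the line with en dashes replaced by "--"; return 1 if any were found.
normalize_dashes() {
    en=$(printf '\342\200\223')
    case $1 in
        *"$en"*) printf '%s\n' "$1" | sed "s/$en/--/g"; return 1 ;;
        *)       printf '%s\n' "$1"; return 0 ;;
    esac
}

# Print the tools the procedure needs that are not installed; return 1 if any.
missing_prereqs() {
    missing=""
    for c in python2 pip2 curl; do
        has_cmd "$c" || missing="$missing $c"
    done
    printf '%s\n' "${missing# }"
    [ -z "$missing" ]
}

# The post's procedure; only runs when invoked as: sh install_vol2.sh --run
install_volatility2() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root (the post uses: sudo su)" >&2; return 1; }
    apt-get update
    apt-get install -y python2 python3 python3-pip pcregrep libpcre++-dev python-dev
    # pip for Python 2 is not packaged any more; bootstrap it as the post does
    curl https://bootstrap.pypa.io/2.7/get-pip.py --output get-pip.py
    python2 get-pip.py
    pip2 install --upgrade setuptools     # two ASCII dashes, see normalize_dashes
    pip2 install pycrypto distorm3
    echo "Now download the Source Code tarball from https://www.volatilityfoundation.org/releases,"
    echo "extract it, cd into it and run: python2 setup.py install && python2 vol.py -h"
}

if [ "${1:-}" = "--run" ]; then
    install_volatility2
fi
```

Run `sh install_vol2.sh` without arguments to only load the functions (for example to pipe a pasted command through normalize_dashes), and with --run as root to perform the install.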
Literally spent 4 hours trying to make this program work, and this tutorial solved everything in like 5 minutes. This is just perfect <3, thank you!
pip2 install –upgrade setuptools
Typing this command gives the following error:
ERROR: Invalid requirement: '\xe2\x80\x93upgrade'
_______
It would be “- -upgrade”, ie “twice -“, not “–upgrade”.
Thanks for pointing that out, but it is already a double dash while I'm editing the page; when I publish, it seems to get switched.