Skip to content

AsafEitani/Volatility3LinuxSymbols

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
Dockerfile-template
Dockerfile-template
 
 
README.md
README.md
 
 
build_profile.sh
build_profile.sh
 
 
install_symbols.sh
install_symbols.sh
 
 

Repository files navigation

Volatility3LinuxSymbols

Linux symbols creation tool for Volatility3

Usage:

build_profile.sh [-h] [-v volatility dir] [-f dump path] [-k kernel version] [-d container distro] -- Volatility3 Linux kernel symbols creation tool

where:
    -h|--help    show this help text
    -v|--voldir  Volatility3 directory path
    -f|--file    memory dump path
   [-k|--kernel] memory dump kernel version (default: calculated from the dump with Volatility3 banner plugin)
   [-d|--distro] linux distribution for the symbol creation docker container (default:'ubuntu:focal')

Example:

Automatic kernel version detection:

./build_profile.sh -f dump.raw -v /home/ubuntu/volatility3/

Manual kernel version:

./build_profile.sh -f dump.raw -v /home/ubuntu/volatility3/ -k 5.13.0-46-generic

Notes:

Only tested on Ubuntu focal. -d flag should be an Ubuntu flavor due to apt-get usage to install the kernel symbols. The Dockerfile and install_symbols.sh can be modified to be used in other distributions.

About

Linux symbols creation tool for Volatility3

Topics

linux linux-kernel symbols volatility volatility-framework volatility3

Resources

Readme
Activity

Stars

5 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy