Saturday, October 22, 2011

Volatility on Windows

Volatilityyyyyyy!! 
Sometimes dedication pays off. You get such a great feeling when (finally) whatever you were trying to do suddenly works. That apple pie recipe your grandma gave you that you have ruined x+1 times. That 5k time you have never been able to beat. Getting Volatility to work (with plugins) in a Windows environment.

Today, my friends, is the day we are victorious!

This installation guide will be your bible for the next 30-45 minutes. Follow it to the letter and you will succeed. The only change I made was for distorm3: I downloaded 'distorm3-1.0.win32.exe' instead of the zip file. Just execute the installer, choose the Python version you are using (it has to be the same Python interpreter that will run vol.py, or the module will not be found), and let it go!

Now for the plugins, there is a great list on the Forensic Wiki. Gleeda also just released some plugins for assisting in timeline analysis, event logs, and more. You can see her blog post about it here.

So after installing Volatility, I should not have to tell you the importance of reading instructions. The same goes for plugins: some require dependencies (distorm3 above is one example), and a plugin whose dependency is missing will simply fail when you run it. Be sure to read up on them to help stop the tears later.
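A quick way to find out which plugin dependencies are missing before you start an analysis is to ask Python whether the modules actually import. The script below is an added example, not code from the original post or from the Volatility project. The mapping of modules to plugins is an assumption based on the Volatility 2.0 documentation (distorm3 for the disassembly-based malware plugins, PyCrypto for hashdump/lsadump, yara-python for yarascan); extend it with whatever the plugins you install say they need.

```python
"""Check which optional Volatility 2.x plugin dependencies are importable.

Added example; not from the original post or from Volatility itself.
Run it with the same Python interpreter you use for vol.py, because that
is the interpreter whose site-packages the installers (e.g. the distorm3
.exe) write into.
"""
import importlib

# Module name as imported -> (package name you would install, plugins that need it).
# ASSUMPTION: this mapping follows the Volatility 2.0 docs; verify it against
# the documentation of the plugins you actually use.
OPTIONAL_DEPS = {
    "distorm3": ("distorm3", ["apihooks", "volshell disassembly"]),
    "Crypto": ("pycrypto", ["hashdump", "lsadump"]),
    "yara": ("yara-python", ["yarascan"]),
}


def check_modules(modules):
    """Return {module_name: bool} telling whether each module imports."""
    status = {}
    for name in modules:
        try:
            importlib.import_module(name)
            status[name] = True
        except ImportError:
            status[name] = False
    return status


def missing_for_plugins(deps=OPTIONAL_DEPS):
    """Return [(plugin, package)] for every plugin that will fail because
    its module is not importable in this interpreter."""
    status = check_modules(deps.keys())
    missing = []
    for module, (package, plugins) in deps.items():
        if not status[module]:
            for plugin in plugins:
                missing.append((plugin, package))
    return missing


if __name__ == "__main__":
    problems = missing_for_plugins()
    if not problems:
        print("All optional dependencies import; the listed plugins should run.")
    for plugin, package in problems:
        print("plugin '%s' will not work until '%s' is installed for this Python"
              % (plugin, package))
```

Running this under the interpreter that Volatility uses tells you immediately whether the distorm3 installer landed in the right Python, which is the usual cause of a plugin that "does not work" right after installation.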

I had the standalone Volatility, but decided (in the long run) it's better to do it this way. So the videos will be up and coming shortly!

2 comments:

JL said...

Hi,

I just wanted to leave one comment: the plugins on the forensics wiki are incompatible with the current Volatility 2.0 framework. Information about current plugins can be found in our documentation wikis such as: Command Reference, FAQ and Doc Files 2.0 which contains links to external blogs and plugins.

Sketchymoose said...

Thanks JL-- very good to know, I have really only used the core ones, yours, and some from the Malware Cookbook with (I think?) no issues yet... but this is useful if one encounters an error and can't figure out why! Cheers!