Build the volatility3 container

docker build --tag volatility3-centos8:0.0.1 .

Requeriments

Put the collected memory, new linux profile and additional things (like yara rules) in a local directory to be shared within the container. Example:

mkdir -p $HOME/volatility/symbols/linux
mkdir -p $HOME/volatility/yara-rules

mv output.lime $HOME/volatility/
mv linux-volatility-profile.json.xz $HOME/volatility/symbols/linux
mv yara-rule.yar $HOME/volatility/yara-rules

Use the local directory as a volume in the docker instance

docker run -v $HOME/volatility:/data -ti volatility3-centos8:0.0.1

Add the new linux profile to the kernel symbols files

zip volatility/symbols/linux.zip /data/symbols/linux/linux-volatility-profile.json.xz

Run volatility3

python3 vol.py -f /data/output.lime linux.pslist
python3 vol.py -f /data/output.lime linux.lsof
python3 vol.py -f /data/output.lime yarascan.YaraScan --yara-file /data/yara-rules/yara-rule.yar

References

volatility3

Name		Name	Last commit message	Last commit date
Latest commit History 7 Commits
Dockerfile		Dockerfile
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Build the volatility3 container

Requeriments

Use the local directory as a volume in the docker instance

Add the new linux profile to the kernel symbols files

Run volatility3

References

About

Releases

Packages

Languages

karmatr0n/volatility3-centos8

Folders and files

Latest commit

History

Repository files navigation

Build the volatility3 container

Requeriments

Use the local directory as a volume in the docker instance

Add the new linux profile to the kernel symbols files

Run volatility3

References

About

Topics

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages