The security/volatility3 port
volatility3-2.7.0p1 – volatile memory extraction framework
Description
Volatility is the world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to introduce people to the techniques and complexities associated with extracting digital artifacts from volatile memory samples and to provide a platform for further work in this exciting area of research.

In 2019, the Volatility Foundation released a complete rewrite of the framework, Volatility 3. The project was intended to address many of the technical and performance challenges associated with the original code base that became apparent over the previous 10 years. Another benefit of the rewrite is that Volatility 3 could be released under a custom license that was more aligned with the goals of the Volatility community, the Volatility Software License (VSL).

WWW: https://www.volatilityfoundation.org/
Readme
+-------------------------------------------------------------------------------
| Running ${PKGSTEM} on OpenBSD
+-------------------------------------------------------------------------------
Install symbol tables
=====================
Symbol table packs for the various operating systems are available for
download at:

https://downloads.volatilityfoundation.org/volatility3/symbols/windows.zip
https://downloads.volatilityfoundation.org/volatility3/symbols/mac.zip
https://downloads.volatilityfoundation.org/volatility3/symbols/linux.zip

The hashes to verify whether any of the symbol pack files have
downloaded successfully or have changed can be found at:

https://downloads.volatilityfoundation.org/volatility3/symbols/SHA256SUMS
https://downloads.volatilityfoundation.org/volatility3/symbols/SHA1SUMS
https://downloads.volatilityfoundation.org/volatility3/symbols/MD5SUMS

Symbol table zip files must be placed, as named, into the
${LOCALBASE}/lib/python${MODPY_VERSION}/site-packages/volatility3/framework/symbols/
directory (or just the symbols directory next to the executable file).

Windows symbols that cannot be found will be queried, downloaded,
generated and cached. Mac and Linux symbol tables must be manually
produced by a tool such as dwarf2json.
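
The verify-then-place step described above, as an added example that is not part of the port's README: shell functions that check a downloaded symbol pack against SHA256SUMS and copy it into the symbols directory only when the digest matches. The function names, the SYMBOLS_DIR placeholder and the "<digest>  <name>" layout of SHA256SUMS are assumptions.

```sh
#!/bin/sh
# Added example, not from the port. Assumption: SHA256SUMS lines look like
# "<hex digest>  <file name>" (coreutils layout, optional "*" before the name).

# Print the SHA-256 digest of file $1 in lowercase hex.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print tolower($1) }'   # GNU coreutils
    else
        sha256 -q "$1" | tr 'A-F' 'a-f'                # OpenBSD base system
    fi
}

# Print the digest recorded for pack name $2 in sums file $1 (empty if absent).
expected_sha256() {
    awk -v name="$2" '
        { f = $2; sub(/^\*/, "", f); sub(/^\.\//, "", f) }
        f == name { print tolower($1); exit }' "$1"
}

# Verify pack $1 against sums file $2, then copy it into symbols directory $3.
# Returns 0 on install, 1 on digest mismatch, 2 if the pack is not listed.
install_pack() {
    pack=$1; sums=$2; dest=$3
    name=$(basename "$pack")
    want=$(expected_sha256 "$sums" "$name")
    if [ -z "$want" ]; then
        echo "$name: no entry in $sums, not installing" >&2
        return 2
    fi
    have=$(file_sha256 "$pack")
    if [ "$have" != "$want" ]; then
        echo "$name: SHA-256 mismatch, not installing" >&2
        return 1
    fi
    cp "$pack" "$dest/$name"   # the README requires the original file name
}

# Usage (SYMBOLS_DIR is a placeholder for the symbols directory named above):
#   install_pack windows.zip SHA256SUMS "$SYMBOLS_DIR"
```

A pack that is missing from the list is treated as a failure rather than installed unverified, so a truncated or substituted SHA256SUMS file cannot silently skip the check.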
Maintainer
Sebastian Reitenbach
Only for arches
aarch64 alpha amd64 arm hppa i386 mips64 mips64el powerpc powerpc64 riscv64 sparc64