Install Volatility on Debian, Ubuntu & Mint

Oct 7, 2020 by Thibault Debatty

Sysadmin Forensics

https://cylab.be/blog/98/install-volatility-on-debian-ubuntu-mint

In this blog post we show how to install the latest (Git) version of the Volatility memory forensics framework on Debian, Ubuntu or Mint.

Requirements

The 'stable' version of Volatility requires Python 2. There is a port for Python 3, but at the time of writing it is still under development: https://github.com/volatilityfoundation/volatility3

So for now the requirements for installing Volatility are:

  • python 2
  • distorm3

python 2

First, check the installed version of python:

python --version

If it's not python 2, you will have to install it:

sudo apt install python2.7

distorm3

To install distorm3, we will first need pip, and a few other tools and libraries:

sudo apt install python-pip python-setuptools build-essential python-dev

Now we can install distorm3, but we need version 3.4.4 because more recent versions (3.5) no longer support Volatility:

sudo pip install distorm3==3.4.4

Installation

To install, you can simply clone the Git repository of Volatility:

sudo apt install git
git clone https://github.com/volatilityfoundation/volatility.git
chmod +x volatility/vol.py

I like to have my manually installed apps in /opt, so I will move volatility there, and create a symlink to make it globally available:

sudo mv volatility /opt
sudo ln -s /opt/volatility/vol.py /usr/bin/vol.py

Test

vol.py --info
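
The script below is an added example, not part of the original post: a preflight check for the three things the steps above depend on (a 2.x `python`, distorm3 pinned at 3.4.4, and the `/usr/bin/vol.py` symlink). The function names are hypothetical, and it assumes `pip` is the Python 2 pip installed earlier.

```shell
#!/usr/bin/env bash
# Added example: preflight check for the install described in this post.
# Function names are hypothetical; paths and versions are the post's.

REQUIRED_DISTORM="3.4.4"            # version pinned in the post
VOL_TARGET="/opt/volatility/vol.py" # install location used in the post
VOL_LINK="/usr/bin/vol.py"          # symlink created in the post

# True if a "python --version" banner reports a 2.x interpreter.
is_python2() {
    case "$1" in
        "Python 2."*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Extract the version from "pip show" output (the "Version: x.y.z" line).
pip_show_version() {
    printf '%s\n' "$1" | awk '/^Version:/ { print $2; exit }'
}

# True if the distorm3 version is exactly the pinned one.
distorm_ok() {
    [ "$1" = "$REQUIRED_DISTORM" ]
}

# Run all checks against the live system; returns the number of failures.
preflight() {
    local fails=0 banner ver
    # Python 2 prints its version banner on stderr, hence 2>&1.
    banner="$(python --version 2>&1)"
    is_python2 "$banner" || { echo "FAIL: python is '$banner', need 2.x"; fails=$((fails+1)); }

    ver="$(pip_show_version "$(pip show distorm3 2>/dev/null)")"
    distorm_ok "$ver" || { echo "FAIL: distorm3 is '${ver:-missing}', need $REQUIRED_DISTORM"; fails=$((fails+1)); }

    [ "$(readlink -f "$VOL_LINK")" = "$VOL_TARGET" ] && [ -x "$VOL_TARGET" ] \
        || { echo "FAIL: $VOL_LINK does not resolve to an executable $VOL_TARGET"; fails=$((fails+1)); }

    [ "$fails" -eq 0 ] && echo "OK: environment matches the post's requirements"
    return "$fails"
}

# Run the live checks only when the script is executed with --run.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Save it as a file and run it with `--run` after the install; a non-zero exit status is the number of failed checks.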
