nenodias/README.md

Last active April 20, 2017 12:27

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/nenodias/bb354133aab239f954ec58857e0db72f.js"></script>
Save nenodias/bb354133aab239f954ec58857e0db72f to your computer and use it in GitHub Desktop.

Download ZIP

Aula 18/04/2017 - Perícia Forense

Raw

README.md

instalar

Lime

sudo apt-get install volatility libelf1 libelf-dev
insmod lime-{uname -r}.ko "path=/root/mem.lime format=lime"
rmmod lime

libdwarf

Compilar com

./configure
make dd
cp dwarfdump/dwarfdump /usr/local/bin
cp dwarfdump/dwarfdump.conf /usr/local/lib
cp libdwarf/libdwarf.a /usr/local/lib
cd /usr/src/volatility-tools/linux/
/usr/local/bin/dwarfdump -di ./module.o > module.dwarf

cp /usr/src/volatility-tools/linux/module.dwarf /root
cp /boot/System.map-3.16.0-4-686-pae /root

Zipar o module.dwarf + System.map-xxxx

"Debian.zip" nesse exemplo

volatility --plugins=/root --info | grep Debian

Retorna o nome do plugin

volatility --plugins=/root --profile=LinuxDebianx86 -f mem.lime --info | grep linux | less

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

nenodias/README.md

Select an option

No results found

Select an option

No results found

instalar

Compilar com

Zipar o module.dwarf + System.map-xxxx

Retorna o nome do plugin