
How to install Volatility on Ubuntu 12.04 LTS

Updated 2012-09-09

1.) Installing SVN and Basic Dependencies

# apt-get install subversion pcregrep libpcre++-dev python-dev -y

2.) Installing Distorm3

# wget http://distorm.googlecode.com/files/distorm-package3.1.zip
# unzip distorm-package3.1.zip
# cd distorm3
# python setup.py build
# python setup.py build install
# cd ..

3.) Installing G++

# apt-get install build-essential

4.) Installing YARA

# wget http://yara-project.googlecode.com/files/yara-1.6.tar.gz
# tar -xvzf yara-1.6.tar.gz
# cd yara-1.6
# ./configure
# make
# make check
# make install
# cd ..

5.) Installing Yara-Python

# wget http://yara-project.googlecode.com/files/yara-python-1.6.tar.gz
# tar -xvzf yara-python-1.6.tar.gz
# cd yara-python-1.6
# python setup.py build
# python setup.py build install
# cd ..

If you are on Ubuntu you will need to also run the following commands:

# echo "/usr/local/lib" >> /etc/ld.so.conf
# ldconfig

6.) Installing GMP

# apt-get install libgmp3-dev

7.) Installing PyCrypto (Python Cryptography Toolkit)

# wget http://ftp.dlitz.net/pub/dlitz/crypto/pycrypto/pycrypto-2.6.tar.gz
# tar -xvzf pycrypto-2.6.tar.gz
# cd pycrypto-2.6
# python setup.py build
# python setup.py build install
# cd ..

8.) Installing Sqlite3

# apt-get install sqlite3 libsqlite3-dev

9.) Installing Volatility 2.1 RC1 from SVN

# svn checkout http://volatility.googlecode.com/svn/trunk Volatility

10.) Installing the Malware Plugins

# wget http://code.google.com/p/malwarecookbook/source/browse/trunk/malware.py

Place the plugin in the ‘plugins’ directory within the Volatility directory (/Volatility/volatility/plugins/).

11.) Go into your Volatility directory and check your supported plugin commands

python vol.py -h

Note: To update your checkout, run the following command from inside the Volatility directory (the trunk checkout from step 9):

# svn update
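
A check to run before step 11: it reports which of the modules built in steps 2, 5, 7 and 8 the interpreter cannot import, and whether the /usr/local/lib entry from step 5 reached ld.so.conf intact (an echo pasted with typographic quotes writes the quote characters into the file). This is an added example, not part of the original post; the function names and the sample text are assumptions made here, and it should be run with the same Python interpreter used for vol.py.

```python
from __future__ import print_function
import importlib
import io
import re

# Import names of the modules installed in steps 2, 5, 7 and 8.
REQUIRED = ["distorm3", "yara", "Crypto", "sqlite3"]
QUOTES = u"\"'\u201c\u201d"  # straight and typographic quote characters


def missing_modules(names=REQUIRED):
    """Return the names this interpreter cannot import."""
    missing = []
    for name in names:
        try:
            importlib.import_module(name)
        except Exception:  # ImportError, or a loader error for a missing .so
            missing.append(name)
    return missing


def ld_conf_status(text, libdir=u"/usr/local/lib"):
    """Classify ld.so.conf content as 'ok', 'malformed' or 'absent'."""
    status = "absent"
    for raw in text.splitlines():
        line = raw.split(u"#", 1)[0].strip()
        if line.startswith(u"include"):
            continue  # included files are not read here
        for token in re.split(u"[\\s:,]+", line):
            if token == libdir:
                return "ok"
            if token.strip(QUOTES) == libdir:
                status = "malformed"  # quotes were written into the file
    return status


# Constructed sample: what a pasted echo with typographic quotes appends.
SAMPLE_BAD = u"include /etc/ld.so.conf.d/*.conf\n\u201c/usr/local/lib\u201d\n"

if __name__ == "__main__":
    print("missing modules:", missing_modules() or "none")
    print("constructed sample:", ld_conf_status(SAMPLE_BAD))
    try:
        with io.open("/etc/ld.so.conf", encoding="utf-8", errors="replace") as fh:
            print("/etc/ld.so.conf:", ld_conf_status(fh.read()))
    except IOError:  # absent or unreadable (IOError is OSError on Python 3)
        print("/etc/ld.so.conf: not readable")
```

A "malformed" result means the quoted line should be deleted from /etc/ld.so.conf and re-added without quote characters, followed by ldconfig.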







Links:
Example usage cases and output for Volatility 2.1 commands
Volatility 2.1 Features by Plugin
Basic Usage for Volatility 2.1
Volatility Documentation Project (VDP) 2.0
Yara – A malware identification and classification tool

This Post Has One Comment
  1. Newbie here. Great instructions, thanks!, except the ‘svn checkout…’ in step (9) now gets Volatility 2.2 Alpha, which doesn’t seem to be stable as ‘imageinfo’ didn’t work.

    I downloaded the 2.1 tar.gz file from here:
    http://code.google.com/p/volatility/downloads/detail?name=volatility-2.1.tar.gz&can=2&q=
    and instead of installing off of root, I ungzipped it from my home directory (e.g. ‘/home/iggye’), added ‘malware.py’ to the plugins directory, and Volatility seems to be working fine.
