Creating a Volatility profile
To analyze Linux memory dumps, you need to create a Volatility profile that corresponds to the target host configurations. Let's consider this with an example. First, you need to install the zip and dwarfdump packages, as shown in the following screenshot:
Next, we need to download Volatility. To do this, we will use the git clone command, which allows us to clone repositories from GitHub. If you do not have git, it must be installed using apt:
$ sudo apt-get install git
$ git clone https://github.com/volatilityfoundation/volatility.git
After that, you should go to the volatility/tools/linux directory and run the make command:
$ cd volatility/tools/linux
$ make
The listed actions will look as follows:
As a result, you will get a module.dwarf file.
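A preflight check for the steps above, as an added example that is not from the original page or the Volatility project. It assumes the Makefile in volatility/tools/linux builds against the kernel build tree at /lib/modules/<release>/build; the function names and the root-directory parameter are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run around `make` in volatility/tools/linux.
# Assumption: the build needs the kernel build tree (headers) for the
# running kernel under <root>/lib/modules/<release>/build.

# Print one line per problem found; print nothing when everything is in place.
#   $1 = filesystem root ("" for the live system)
#   $2 = kernel release of the build host (normally `uname -r`)
#   $3 = kernel release of the host the memory dump was taken from
#   remaining arguments = tools that must be on PATH
missing_prereqs() {
    root=$1; build_rel=$2; target_rel=$3
    shift 3
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "tool:$tool"
    done
    # Without the build tree, make has nothing to compile module.c against.
    [ -d "$root/lib/modules/$build_rel/build" ] || echo "headers:$build_rel"
    # A profile built for another kernel describes the wrong structure layouts.
    [ "$build_rel" = "$target_rel" ] || echo "kernel-mismatch:$build_rel!=$target_rel"
}

# Succeeds only if the build left a non-empty module.dwarf at path $1.
# An empty file usually means dwarfdump failed after the output was opened.
dwarf_ok() {
    [ -s "$1" ]
}

# Typical use on the build host (the target release is a placeholder):
#   missing_prereqs "" "$(uname -r)" "<target-kernel-release>" make zip dwarfdump
#   dwarf_ok volatility/tools/linux/module.dwarf || echo "module.dwarf missing or empty"
```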
Important Note
Depending on the distribution...