
Wednesday, October 21, 2009

Volatility Get Plugins Bash Script

Earlier I had written about all of the known Volatility plugins and how to go about installing them. Now I've decided to make things even easier for some, by including a bash script that will download and install all of these plugins. It will also install pefile, pycrypto and pydasm. I have tested it on a Linux box as well as a Cygwin installation.

Make sure you are running this as root (or with sudo) if you are doing this under Linux. Also make sure you have subversion installed.

Prereqs for Cygwin:

Obviously you must have Cygwin installed. In addition to what I have listed in a previous post, you will also need to install:

* wget
* unzip
* svn (subversion)

Hopefully I haven't forgotten anything... let me know if I have.

Simply unzip the bash script into the directory where you want Volatility installed. Then run the script:

$ ./get_plugins.bsh

This bash script removes one of the example files (memory_plugins/example3.py) since it has a conflicting _EPROCESS definition, so if you want that file, simply comment out the remove statement.
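As an added example (not the get_plugins.bsh from this post), here is a bash sketch of the checks the script needs: root only under Linux, the wget/unzip/svn prerequisites, and the example3.py removal. The svn URL is a placeholder since the post does not give it; detect_platform, needs_root, require_tools and remove_conflicting_example are hypothetical names.

```shell
#!/bin/bash
# Hypothetical helpers sketching a get_plugins-style installer (added example,
# not the post's script). PLUGIN_SVN_URL is a placeholder; the page gives no address.
PLUGIN_SVN_URL="PLACEHOLDER_SVN_URL_FROM_ORIGINAL_POST"

# Print "Cygwin" under Cygwin, "Linux" for anything else.
detect_platform() {
    case "$(uname -o 2>/dev/null || uname -s)" in
        Cygwin*) echo Cygwin ;;
        *)       echo Linux ;;
    esac
}

# Root (or sudo) is required only for a Linux install, not under Cygwin.
needs_root() {
    [ "$1" = "Linux" ]
}

# Check that every named tool (wget, unzip, svn ...) is on PATH;
# return 1 and report the first missing one on stderr.
require_tools() {
    for t in "$@"; do
        if ! command -v "$t" >/dev/null 2>&1; then
            echo "missing required tool: $t" >&2
            return 1
        fi
    done
    return 0
}

# Delete memory_plugins/example3.py under the given install directory,
# since its _EPROCESS definition conflicts with the other plugins.
# Comment out the call in main() if you want to keep that file.
remove_conflicting_example() {
    f="$1/memory_plugins/example3.py"
    if [ -f "$f" ]; then rm -f "$f"; fi
}

main() {
    plat=$(detect_platform)
    if needs_root "$plat" && [ "$(id -u)" -ne 0 ]; then
        echo "run as root (or with sudo) under Linux" >&2
        exit 1
    fi
    require_tools wget unzip svn || exit 1
    svn checkout "$PLUGIN_SVN_URL" memory_plugins   # placeholder URL
    remove_conflicting_example "$PWD"
}
# The install only runs when asked for explicitly: ./get_plugins.bsh --install
if [ "${1:-}" = "--install" ]; then main; fi
```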

You will have to install Inline::Python yourself until I figure out a way to get it installed in a general fashion.

Let me know if you encounter errors.

Thursday, July 30, 2009

Cygwin Installation

Note: I am reusing a post from my forensics class at John Jay College. This will be used as a reference for an upcoming post on Volatility module installation. So be patient, there is more to come...

This post goes over an installation of Cygwin, which is a Linux-like environment for Windows. Since most of you have Windows machines, this will allow you to run tools that normally run under Linux/Unix environments.

The setup file is here.

When you download setup, double click it. You should see the following:

Press "Next" and choose "Install from the Internet":

Choose where to install Cygwin (by default it is in C:\Cygwin):

Cygwin will create a directory in which it will store its files during installation. After installation you can delete the folder. The default location is the desktop:

Select your internet connection. The default is OK:

Select a mirror (mirrorservice.org is good):

Press "Next". You should see the following:

Next you will see a list of packages you can download. By default these are organized by category:

If you press the plus signs on the left hand side, it will open up the category and you can select specific packages:


Here is a list of packages you need, organized by category:

From the Base category:
  1. Everything

From the Devel category:
  1. gcc: C, C++, Fortran compilers
  2. gcc-mingw: Mingw32 support headers and libraries for GCC
  3. gcc2: Version X.XX.X [whatever is latest] of C, C++, Fortran compilers
  4. gdb: The GNU Debugger
  5. make: The GNU version of the `make' utility
  6. mingw-runtime: MinGW Runtime
  7. openssl-devel: The OpenSSL development environment

From the Editors category:
  1. nano: A pico clone text editor with extensions [works like pico]
  2. vim: Vi Improved – enhanced vi editor

From the Interpreters category:
  1. Perl
  2. Python

From the Utils category:
  1. util-linux: Random collection of Linux utilities
  2. file
  3. ELFIO

From the Text category:
  1. less: A file pager program, similar to more(1)

After you have made your selections, press Next for the installation to begin. This part is the actual installation, and may take some time. Just let it finish. After it finishes you will be asked if you want to create shortcuts on the desktop. Make sure to click Finish.

Running Cygwin

When you run Cygwin for the first time, it might take a little longer to start up. This is because it is configuring a few more files for your environment. Then you should get a command line prompt that looks like:

You are now able to work on your programs at home on your Windows machines.