So for those that don't know, Volatility is a forensics tool for investigating data from memory. It can be found here:
http://www.volatilesystems.com/default/volatility

Unfortunately, BT5 was only on version 1.3, so I decided to update it to v2.0, the latest on the Volatility website.

Here’s the quick code to update to version 2.0 🙂 Enjoy!

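#!/bin/bash
# Update Volatility on BackTrack 5 from 1.3 to 2.0 (run as root).
# Abort at the first failed step so a failed download or build never
# reaches the rm -rf / mv of the installed copy further down.
set -e

# cmake is needed to build libforensic1394
apt-get -y install cmake

# Build and install libforensic1394 and its Python bindings.
# Note: both tarballs are fetched over plain HTTP and are not verified.
cd /root/
wget http://freddie.witherden.org/tools/libforensic1394/releases/libforensic1394-0.2.tar.gz
tar zxvf libforensic1394-0.2.tar.gz
cd libforensic1394-0.2/
# Pass the source directory (.) explicitly; newer cmake versions require it
cmake -G"Unix Makefiles" .
make
cp libforensic1394.s* /usr/lib/
cd python/
python setup.py install

# Fetch and unpack Volatility 2.0, then replace the old 1.3 install
cd /root/
wget http://www.volatilesystems.com/volatility/2.0/volatility-2.0.tar.gz
tar zxvf volatility-2.0.tar.gz
rm -rf /pentest/forensics/volatility
mv /root/volatility-2.0 /pentest/forensics/volatility

# Point the BackTrack menu entry at vol.py and have it show the help text
sed -i -e 's|\./volatility|\./vol\.py -h|' /usr/share/applications/backtrack-volatility.desktop

# Clean up the downloaded and build files
cd /root/
rm -rf libforensic1394*
rm -rf volatility-2.0.tar.gz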
