blacktop / docker-volatility
Volatility Dockerfile
License: MIT License
Currently, the plugins tag fails to run volatility:
$ docker run --rm -v $(pwd):/data:ro blacktop/volatility:plugins --plugins=/plugins --info
Volatility Foundation Volatility Framework 2.6
*** Failed to import volatility.plugins.community.YingLi.python_strings (ImportError: No module named YingLi.python_strings)
ERROR : volatility.debug : Please install DPAPIck library: https://bitbucket.org/jmichel/dpapick
*** Failed to import volatility.plugins.community.StanislasLejay.linux.get_profile (ImportError: No module named linux.get_profile)
*** Failed to import volatility.plugins.community.FrancescoPicasso.mimikatz (AttributeError: 'module' object has no attribute 'ULInt32')
*** Failed to import volatility.plugins.community.AlexanderTarasenko.windbg (ImportError: No module named pykd)
*** Failed to import volatility.plugins.community.TranVienHa.osint (ImportError: No module named socks)
I guess as the Community repository evolves, new dependencies are added.
You need to hardcode a tag/commit in the Dockerfile to make sure you install all the dependencies in the build. I will try to create a PR.
Thx for the work maintaining this :-)
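A build-time check for this kind of dependency drift, as an added example (not code from this repository): it parses the `*** Failed to import` lines quoted in the report above and groups them by likely cause, so an image build can fail when community plugins stop loading. The function names and the grouping heuristic are assumptions of this example.

```python
import re

# Sample output copied from the report above (Volatility 2.6, plugins tag).
SAMPLE = """\
Volatility Foundation Volatility Framework 2.6
*** Failed to import volatility.plugins.community.YingLi.python_strings (ImportError: No module named YingLi.python_strings)
ERROR : volatility.debug : Please install DPAPIck library: https://bitbucket.org/jmichel/dpapick
*** Failed to import volatility.plugins.community.StanislasLejay.linux.get_profile (ImportError: No module named linux.get_profile)
*** Failed to import volatility.plugins.community.FrancescoPicasso.mimikatz (AttributeError: 'module' object has no attribute 'ULInt32')
*** Failed to import volatility.plugins.community.AlexanderTarasenko.windbg (ImportError: No module named pykd)
*** Failed to import volatility.plugins.community.TranVienHa.osint (ImportError: No module named socks)
"""

FAILED = re.compile(r"^\*\*\* Failed to import (?P<plugin>\S+) \((?P<exc>\w+): (?P<msg>.*)\)\s*$")
NO_MODULE = re.compile(r"^No module named (?P<name>\S+)$")


def parse_failures(output):
    """Return (plugin, exception, message) for every failed plugin import."""
    failures = []
    for line in output.splitlines():
        m = FAILED.match(line)
        if m:
            failures.append((m.group("plugin"), m.group("exc"), m.group("msg")))
    return failures


def classify(failures):
    """Group failures: missing external module, plugin layout problem, or other."""
    report = {"missing_dependency": {}, "plugin_layout": [], "other": []}
    for plugin, exc, msg in failures:
        m = NO_MODULE.match(msg) if exc == "ImportError" else None
        if m is None:
            report["other"].append((plugin, exc, msg))
        elif plugin.endswith("." + m.group("name")):
            # Heuristic (assumption): the "missing" name is the plugin's own
            # module path, so installing a package would not fix it.
            report["plugin_layout"].append(plugin)
        else:
            report["missing_dependency"].setdefault(m.group("name"), []).append(plugin)
    return report


if __name__ == "__main__":
    result = classify(parse_failures(SAMPLE))
    print(result)
    # Non-zero exit lets a CI step fail the image build on any import failure.
    raise SystemExit(1 if any(result.values()) else 0)
```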
Thanks for all your work on this image and for providing it to the community. Would it be possible to get a new version with the latest library of community plugins? In particular, baseline.py is not found in the current image.
Thanks.
Is it possible to add Multi-Arch support? Trying to run this on a Linux ARM64 VM on Apple silicon.
The plugins in volatility/contrib/plugins are not enabled by default in volatility.
They are not included in the enabled plugins. The easiest way would be for them to be copied to /plugins
Upon running, the following error appears:
*** Failed to import volatility.plugins.community.LoïcJaquemet.vol_haystack (ImportError: cannot import name api)
Following the instructions as listed here and on the docker hub, this does not work, as I don't have the silentbanker.vmem file.
This is a Windows 10 Enterprise image, but it is 17134.
PS docker run -it --rm -v D:\Memory:/data:ro blacktop/volatility imageinfo --filename=/data/hiber.raw --profile=Win10x64_17134
Volatility Foundation Volatility Framework 2.6.1
INFO : volatility.debug : Determining profile based on KDBG search...
Suggested Profile(s) : No suggestion (Instantiated with Win7SP1x64)
AS Layer1 : WindowsHiberFileSpace32 (Unnamed AS)
AS Layer2 : FileAddressSpace (/data/hiber.raw)
PAE type : No PAE
DTB : 0x1ad000L
KUSER_SHARED_DATA : 0xfffff78000000000L
Hello, it seems the dump files option is dumping files out to the volatility container. Is there any way to provide an option to attach to local or expose the host OS directory for the dump file option?
xxx@XXXXX:~$ docker run -i -t blacktop/volatility
Traceback (most recent call last):
File "/usr/bin/vol.py", line 4, in <module>
import pkg_resources
ImportError: No module named pkg_resources
For instance, when running the mbrparser plugin, I get the following output:
Volatility Foundation Volatility Framework 2.3.1
ERROR : volatility.plugins.mbrparser: Install distorm3 code.google.com/p/distorm/