
Comments (2)

GoogleCodeExporter commented on June 4, 2024
Hmm, all you should need to do is this:

$ svn checkout http://volatility.googlecode.com/svn/trunk/ volatility-read-only
$ cd volatility-read-only
$ python vol.py -h
Volatile Systems Volatility Framework 2.1_alpha
Usage: Volatility - A memory forensics analysis platform.

Options:
  -h, --help            list all available options and their default values.
                        Default values may be set in the configuration file
                        (/etc/volatilityrc)
  --conf-file=/Users/mhl/.volatilityrc
                        User based configuration file
  -d, --debug           Debug volatility
  --plugins=PLUGINS     Additional plugin directories to use (colon separated)
  --info                Print information about all registered objects
  --cache-directory=/Users/mhl/.cache/volatility
                        Directory where cache files are stored
  --cache               Use caching
  --tz=TZ               Sets the timezone for displaying timestamps
  -f FILENAME, --filename=FILENAME
                        Filename to use when opening an image
  --profile=WinXPSP2x86
                        Name of the profile to load
  -l LOCATION, --location=LOCATION
                        A URN location from which to load an address space
  -w, --write           Enable write support
  --dtb=DTB             DTB Address
  --cache-dtb           Cache virtual to physical mappings
  --use-old-as          Use the legacy address spaces
  --output=text         Output in this format (format support is module
                        specific)
  --output-file=OUTPUT_FILE
                        write output in this file
  -v, --verbose         Verbose information
  -k KPCR, --kpcr=KPCR  Specify a specific KPCR address
  -g KDBG, --kdbg=KDBG  Specify a specific KDBG virtual address

    Supported Plugin Commands:

        apihooks        
        bioskbd         Reads the keyboard buffer from Real Mode memory
        callbacks       Print system-wide notification routines
        cmdscan         Extract command history by scanning for _COMMAND_HISTORY
        connections     Print list of open connections [Windows XP Only]
        connscan        Scan Physical memory for _TCPT_OBJECT objects (tcp connections)
        consoles        Extract command history by scanning for _CONSOLE_INFORMATION
        crashinfo       Dump crash-dump information
        devicetree      Show device tree
        dlldump         Dump DLLs from a process address space
        dlllist         Print list of loaded dlls for each process
        driverirp       Driver IRP hook detection
        driverscan      Scan for driver objects _DRIVER_OBJECT 
        envars          Display process environment variables
        filescan        Scan Physical memory for _FILE_OBJECT pool allocations
        gdt             Display Global Descriptor Table
        getsids         Print the SIDs owning each process
        handles         Print list of open handles for each process
        hashdump        Dumps passwords hashes (LM/NTLM) from memory
        hibinfo         Dump hibernation file information
        hivedump        Prints out a hive
        hivelist        Print list of registry hives.
        hivescan        Scan Physical memory for _CMHIVE objects (registry hives)
        idt             Display Interrupt Descriptor Table
        imagecopy       Copies a physical address space out as a raw DD image
        imageinfo       Identify information for the image 
        impscan         Scan for calls to imported functions
        kdbgscan        Search for and dump potential KDBG values
        kpcrscan        Search for and dump potential KPCR values
        ldrmodules      Detect unlinked DLLs
        lsadump         Dump (decrypted) LSA secrets from the registry
        malfind         Find hidden and injected code
        memdump         Dump the addressable memory for a process
        memmap          Print the memory map
        moddump         Dump a kernel driver to an executable file sample
        modscan         Scan Physical memory for _LDR_DATA_TABLE_ENTRY objects
        modules         Print list of loaded modules
        mutantscan      Scan for mutant objects _KMUTANT 
        patcher         Patches memory based on page scans
        printkey        Print a registry key, and its subkeys and values
        procexedump     Dump a process to an executable file sample
        procmemdump     Dump a process to an executable memory sample
        pslist          print all running processes by following the EPROCESS lists 
        psscan          Scan Physical memory for _EPROCESS pool allocations
        pstree          Print process list as a tree
        psxview         Find hidden processes with various process listings
        raw2dmp         Converts a physical memory sample to a windbg crash dump
        shimcache       Parses the Application Compatibility Shim Cache registry key
        sockets         Print list of open sockets
        sockscan        Scan Physical memory for _ADDRESS_OBJECT objects (tcp sockets)
        ssdt            Display SSDT entries
        strings         Match physical offsets to virtual addresses (may take a while, VERY verbose)
        svcscan         Scan for Windows services
        symlinkscan     Scan for symbolic link objects 
        thrdscan        Scan physical memory for _ETHREAD objects
        threads         Investigate _ETHREAD and _KTHREADs
        timers          Print kernel timers and associated module DPCs
        userassist      Print userassist registry keys and information
        vaddump         Dumps out the vad sections to a file
        vadinfo         Dump the VAD info
        vadtree         Walk the VAD tree and display in tree format
        vadwalk         Walk the VAD tree
        volshell        Shell in the memory image
        yarascan        Scan process or kernel memory with Yara signatures

Original comment by [email protected] on 23 Jun 2012 at 5:01

from malwarecookbook.

GoogleCodeExporter commented on June 4, 2024
I'll assume this works for you now and close the issue. Feel free to re-open if there's still a problem.

Original comment by [email protected] on 24 Jun 2012 at 11:01

  • Changed state: Invalid
