volatility-tools for Debian
---------------------------

To generate a profile to a Linux version, follow these steps:

1. Log in a system that is using the target kernel (you can make it in any
   machine running the desired kernel).
2. Install gcc, make, zip and the linux-headers-(?) packages.
3. Go to /usr/src/volatility-tools/linux.
4. Run 'make' command.
5. Run 'zip _profile-name-to-use_.zip module.dwarf /boot/System.map-(?)'
6. Copy the zip file to volatility profiles folder. Use the
   'dpkg -L volatility' command to find the folder. Generally at
   /usr/lib/pythonVERSION/dist-packages/volatility/plugins/overlays/linux/,
   where VERSION is a python version.
7. Use the command 'volatility --info | grep Linux' to see if the new profile
   was recognised.

PS: in commands, (?) must be replaced by the right option.

To see more about profiles, go to
https://github.com/volatilityfoundation/volatility/wiki/Linux

 -- Joao Eriberto Mota Filho <eriberto@debian.org>  Tue, 07 Jan 2014 16:52:30 -0200,
    Updated at Sun, 22 Oct 2016 13:55:00 -0200.